5d6ba62520f66e70ee281b44342d4271eb98a9b9a5c50e61c28d84c86eb21958

Analysis

max time kernel
38s
max time network
131s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Snake2Virus/Pythonwin/mfc140u.dll
Size

5.4MB
MD5

03a161718f1d5e41897236d48c91ae3c
SHA1

32b10eb46bafb9f81a402cb7eff4767418956bd4
SHA256

e06c4bd078f4690aa8874a3deb38e802b2a16ccb602a7edc2e077e98c05b5807
SHA512

7abcc90e845b43d264ee18c9565c7d0cbb383bfd72b9cebb198ba60c4a46f56da5480da51c90ff82957ad4c84a4799fa3eb0cedffaa6195f1315b3ff3da1be47
SSDEEP

49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
92	dropbox.com
98	dropbox.com
102	dropbox.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1980	2904	chrome.exe	29
PID 2904 wrote to memory of 1980	2904	chrome.exe	29
PID 2904 wrote to memory of 1980	2904	chrome.exe	29
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2428	2904	chrome.exe	31
PID 2904 wrote to memory of 2568	2904	chrome.exe	32
PID 2904 wrote to memory of 2568	2904	chrome.exe	32
PID 2904 wrote to memory of 2568	2904	chrome.exe	32
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33
PID 2904 wrote to memory of 2436	2904	chrome.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Snake2Virus\Pythonwin\mfc140u.dll,#1
1⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74d9758,0x7fef74d9768,0x7fef74d9778
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:2
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:2
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2224 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3328 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3624 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3892 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2500 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2372 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3728 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3624 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4172 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2504 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2324 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2980 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2964 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1312 --field-trial-handle=1288,i,10446971420744980144,14336807867938052983,131072 /prefetch:8
  2⤵
  PID:1072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2756

C:\Users\Admin\Downloads\Snake2Virus\Snake2Virus\Snake2.exe
"C:\Users\Admin\Downloads\Snake2Virus\Snake2Virus\Snake2.exe"
1⤵
PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c33163791bbb59e97e3cbbdeedf9702

SHA1
01b9826c50e0891345a3b723c00ded4986318604

SHA256
8dbc98913a6545429fb0f0d5c87dddc7f5452b0dbe918d6f7ace037c082a89f0

SHA512
cdc27d0da199de250d6206cfbbaca6506b16b88d544ef911bcc8a8503cdef9657745f60ff54cb2c13c94dbe6c2c81dbb4dcabf3a23a8d46695def9d5c4d8ac8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\62539fc9-b647-4386-9f9c-b6ebf449f918.tmp

Filesize
7KB

MD5
aa00d13009c3cc215c5e4fc372848184

SHA1
f43eeedc232c7c492f04924f0697e2ab9c790503

SHA256
614b53e0f49604df3a5bed1b9c825672e773950a8d3e91b54df44afe2bd6a49a

SHA512
488adb7b7264b763a49e4a5c1c4a8656a6f504138a7ad16ab6fb33310ca462ce2dfa5c33dd3b2b3362286053070a4325fc0593dc746553184b320a6f3be0afdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
25291ee25715476a14f5eb47cd3447b0

SHA1
aa0727f70d4b185e4df3ac00571ce14b60742dbd

SHA256
e3257186239c85f3ad4e2c539473e2774981bd77fd45fa689dd34a3cb4356118

SHA512
80fccb6a7ca511b1f750e1d554c3732d39d96f30d56a9784adb4a94a96b1feea500ca24fa34e0ad4e1066e799b8747312927bec9136c26a8f2b7ab67f8290d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf768c96.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d1c6d5be36e244127d9e579ebc704eec

SHA1
124a756cb5860c488613524eae44505f5b0ddce5

SHA256
60667d742e73d7f2ceb5084ab54f2725c5b9c27c648ec56f53dcc311712d7c8c

SHA512
4d17d876b27cc6992560a9c53328512da044ebdc92926f318451f6604c435f97e626b4794d834bd2e8a95733d3df3dca23d652a908f49b5701db9d58791d07ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5109edd27015de0be760ea33aac8100

SHA1
18cf9a4407aea451574801ca149e883eddb05e34

SHA256
fbd0ba5c878f0b9721f3ffd6b6f12df8ec00217d77ddb2c88d122fad5aa79c2f

SHA512
89c8c0a9e962ccdceadd1abb976221778daeccbc2e552d1193e6d9a976dd05180f95b22cc14193d01bcbefa550ca8de74f5b1df782c7e445f7ac5447b1c00061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
a96fbdee8fc599afdd2ba43d72b15e3b

SHA1
c3fbc12a4eb5fabc7b18bf8805ec9e6dd35446e2

SHA256
e308bed806b6da27df6b89444da40ea64aa48a22b2b71dab926a56b051af5061

SHA512
8562b5e58f6d637b0b319ba5f8cecffdfc9818519aa4f64bd565d29e304c0858ddb51406c173c6e5199450cd9e4da95d6c223ce9c158fb17d84e23ea7ff12093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e6c16e279a6daa476dac4d7cf3b1b984

SHA1
0eb49a9ff8e4e3b9b9a5099278679d67c4a5677c

SHA256
e0419d0aa9db3e83038be2e50f418be4607d44c0c9b9e3b4fa9f421d27c5592d

SHA512
a346effc04e497cdb300e8e810974627d1c93ad8dc41feb0d3b3e2459573b5970d07e5400154d288387b11ac6dd2ffce38065bbf48fe6d31442c355c93fb91a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
086c52aa1b32f3dedfa1dd126da95d88

SHA1
822033f3ea33715d11c3a34eddd8c8ae039a3dca

SHA256
d3c43394c378effa9e57880f7f9626380dfdf2522f895e042c763ec1a1f4d425

SHA512
07a326b8fa17c4338505733a1520ebd3b35bbf6d7dce4d89d4f9d0e7f085f8e1c97231183f44ef93c04a5295133e5693ef4e386cd5a1ec63faef398f752e08a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae84c53ccc513dee8c8163e699e8a8cb

SHA1
75757dd886c915558fe460249a9d76597d72b94f

SHA256
4544326dad8fd7236714dbcc643762f026336df6f5fed2c7bc7d59293d623425

SHA512
52ff56fc841b212a78033d1b21f3e916b0e6fc4bb1e36fc244a71a0a1ff08d346a62e8a1ec19d64ebe34aae87812123db871c6b2924a3ace4b8618a6a49d25ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b7956aae387d9b9e11484e4a8a5d8dac

SHA1
1a6cc470c90890c83242e64afeb84af3458be4fe

SHA256
7684d918d9516b1a1108102babbca350b282433ce13df57f611271ea3ff28e95

SHA512
b3ec8206da994c06f69901276f89ab452ed66a8a58a18bf7a8627da7d083c906944558fda3f16f2c246496ca3e33ca96fd187c016ab9fc057020de74f290d643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d89697e45a087ab79bd8b30098a812b4

SHA1
967ddb75ce998e797b3158ec8d4432a53819d27f

SHA256
ec2da22f20abdf1bfcad29ea727ba108d102ecbf369f3013f929b76aa7d1f4a7

SHA512
40cdb87d61607cca857442cf5921768b605af2b96f3ecfcef86dba6b5df281e5c815103bd1ef6bd2e8a97142d495f16048b26778a6d6fde407e2503755db3aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bac8f4a503587c20746d6e4188dbc5a8

SHA1
56548e3a359499cc2c785cae0e0ee82cbc5f9700

SHA256
4483d9336e5f69f353265677c5cbe912182655793d5ccd88a799a2cea2b5adcd

SHA512
b923751a9864adc4ea294a4032febd56a8b7a971ab3dc18a67ba026ea9c7c6f1f29d693b16a096f8447b4ff4e67144f394c6ed956829d93069fffecb5b91706f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
559e1690c4bfe59f3abad3daffdb9a4e

SHA1
4cc12349ee46ade0cdeee59c32fcf35e82b5ffe7

SHA256
802581a5780cae7f21732200f935909a23124ec91522afd60d3e99e5e31df1ed

SHA512
d06d3e8f78c216cb495b1bfe5b823b6229a59d2c7b596eb2cd6db3566afd132bcfb83f6a8feabebe58cb4d222fd836605385c23b07cdb45316bb13f00e9da15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
2f19856f09902148966e04109584191e

SHA1
181f43c9904c81085e7735a08897ea5060715e97

SHA256
0c0faba1008f5700c0348fb607b80a1839a9cc3c03f7ebbef4f8e2c078668323

SHA512
487d9e082f0d112d96405ac083fd7e1797e6ba4f79c7449e40bae6f058574f38e8bd01fa040e3bba4ab5564377e5ee3de93b89cbbd77525943f287e4b7403e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
c024710b5c23983ce0cd10f3b0b5dd4d

SHA1
c113059b820675be835d87ac7e3079b3e3cd596e

SHA256
c6660ca468eb8bd941fac66a889b360477254733c537d68a65682c5a86f9b215

SHA512
01783e8c4f0e0c21a6f6d37934dddc2ebca025dd3190ff226e4bb37f315388fd7d643fd27d52fbf833f51e538cd6045cc667f8daba60d6d3f3eff3ca49bb281c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
bf653d8445ce9a00ecd5f2ee37be3d27

SHA1
271a4935a8d48f01df4ebd3f1e34fb115885c59b

SHA256
a336cdfe66738222ac88671aa2a684d75ac216ee0bdb06665439b14596b24246

SHA512
be8635767d08753692b70a9c199949eec0f4d4e521f9c30cf6a58215ebf8121ba9d883e73836eb6f73f7295208e1f48518b36d4f195e0653c1b18ffbddf4f65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
e5b470357a08c11dffa6f07a24d91f4c

SHA1
a4c7d080d2bd2a71f03b3e7190a7181f8d35cef8

SHA256
c1946e8d4098977147788fa1868dd429bbe3bab70991c0eec1b19e1fe30d3cfb

SHA512
96316524f237d537f6398cdd0587145dcf9fc353abfad3176ec7866f6d1cd383e52a8e12856441569b8cd1d275c39ae66f3204a0233ede1fd33cb597a88f3d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
fefcd0429c604423a185766f77a41228

SHA1
73ec97411547caa6c76b19cdcb106394054fb360

SHA256
10b70584da50da91123e3124af63709ea44cb9e99faca5955135b737de21e232

SHA512
3854422671ba7ef0632ecbfadcf49c36ddf5159e0a03e3bb3ddd7e5e5ddec586c778bfe82c39da082f1986d1d41119f6252244b84b3bf496ff57164798ce86ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
73KB

MD5
266c30f8dff2ba4d14b6aff3b682c6d0

SHA1
234dafbdec84450cf9b365252306625203906c7f

SHA256
871919ca79f901b8293949117d494dc389fef938de3de81dee5f4e98d45a8ce9

SHA512
87d5dde023f99d9609b0a0c71a1ca3e715db5bbeff6bac7e2396a771aa144f7741406b01eb18f7655cbd0e105bde002e8648986fcd4448271185229559a8107f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ff95ec47-53e5-4bc3-a05d-3d2aa4d7319e.tmp

Filesize
265KB

MD5
6b1941b01b2ea44ec44f7077a40b8ffe

SHA1
10e1ec15c0b3db590127d7bb50f150043523283d

SHA256
bf59fecfb7151a035f8bcc1c63f629caff1a481bcebead91551e9ca0f950659b

SHA512
619267fcfffb3d3ba2bafb8e2ce8744caa4a24477bf0c351695d87d09f9da54f05c42652c296ab50f9866c1f31a91bce6a87090206eb606ca1e16618d7a062a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar573B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\Snake2Virus.zip.crdownload

Filesize
16.6MB

MD5
c86e8bbae2594e8540521407f09a67c9

SHA1
28a9f7a4cf960b1655d9b80a5df2808b65383c7a

SHA256
5d6ba62520f66e70ee281b44342d4271eb98a9b9a5c50e61c28d84c86eb21958

SHA512
988dceea9f28534c65a4bb5b8eccfc6870eae43a168518c915c4a5aad036b719e569625bfb1309a2150c2b3f2989535f9c858ed1ac7fea2d1866d9446fd2e42e

Download Submit