bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
74s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
228	raw.githubusercontent.com
221	raw.githubusercontent.com
223	raw.githubusercontent.com
224	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2524	2464	chrome.exe	31
PID 2464 wrote to memory of 2524	2464	chrome.exe	31
PID 2464 wrote to memory of 2524	2464	chrome.exe	31
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 488	2464	chrome.exe	33
PID 2464 wrote to memory of 1416	2464	chrome.exe	34
PID 2464 wrote to memory of 1416	2464	chrome.exe	34
PID 2464 wrote to memory of 1416	2464	chrome.exe	34
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35
PID 2464 wrote to memory of 2080	2464	chrome.exe	35

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ce9758,0x7fef6ce9768,0x7fef6ce9778
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:2
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1972 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:2
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3232 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3236 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3944 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2476 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3864 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1840 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2772 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2036 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2768 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1680 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2412 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2012 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3112 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2368 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2040 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2404 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3064 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1568 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2484 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2480 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3748 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3540 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3928 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2496 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3988 --field-trial-handle=1484,i,10494065250503306806,10677448424191593261,131072 /prefetch:1
  2⤵
  PID:2552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c05591d4bf6d6bba142adb4abcca3310

SHA1
b8207af75cb485619ba627fe67b5c52f7e7ac8bb

SHA256
b2bd4881eca007cf975ca252d3c9eb9ce24ea67038999cbd3f416a06eeda90b1

SHA512
74ad783cfdaa7c2ea7880f3935cae3ca287a1b68b6cb1c7e35a1dacb3c44c76e5570980400601b5e1553e061b30d672ff7ae899a31d6345993f87998e571e303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\97a4cb54-ab27-44f1-9bef-2fb0b03cd937.tmp

Filesize
5KB

MD5
b8a7b1362a02647bd20dcbbba1c45ec1

SHA1
1946226a075099928b588e8c755a73502f1d5e31

SHA256
781ddddb1813c7e1bb10333405d64ad2e42d2818b4956b218f568a2b7ddc55a8

SHA512
c29bbc804bd3a61cf022f1682ce34b74f1822b482f97731fdf296d468fd5b451f3fddb03c01366f135821d0e4c245e0d7ad032f67edb49e9b805bfa5d96a7b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ddd0f69523348db0e6e9e2337e5ecc7a

SHA1
536340fde39c4a6d1a9c52969c0904921231e032

SHA256
3d3b79807fcc98c9479a7fde0dddbe3156fea40a90da39398f8c3d44c28225f8

SHA512
886b48811df9f138429d7f8df81f5ca9b800dc4827655f5495c856236092fa6354edd218d56e13a8178808368b206ec0f0f6ade7a69c5d8733f81a635dc80a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
92905b3f122a23636bf600a8b9cf48bd

SHA1
2ae08813b55ac70c94bb1e98ce5b1be8cfb42517

SHA256
f4230c41925f6e7d6a7fa7ac30db0d454ef6c6a2d1ed7ef0bc99bba5cca6e1a8

SHA512
9037006c8d8bb4071cbd584c95ccf3fd7dec7f83f2936c7bb37bf03fb30420423e3fbeadda57b049a67c3c5f5ee9cfb87a1b170dae3c6c2411cda2abb460a6ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
fee173fde88e7eabfe5488a43cf99950

SHA1
4be2600a3d67900ba0b63d1492f394b4bfc3e5b1

SHA256
018f8be266640d7684e052603bb5422cbb048d3f3f0408267a65bad9be170f31

SHA512
76304d6b16d3a980bdd0af02effcc448fd2f5ca8a7e5724d29d0cd42ed2a13553cf9f4dd08aa90976881c9af7721c4026a14eb65f27060b6cc41002d2f0f5a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
72efda020895732e93b9cfc90ede2e86

SHA1
9775bd175362cf4ecc7b3f0db3108ed7730690bc

SHA256
458d2e48f7a63f16ab8740014527417b02f4faf964685377c5efb8a03098f578

SHA512
f7849ea238f0aaa35d0af0b8eb5e3c844a5a6e543bf8d863b8bfff06672aeda954c418eda01987f063dfa239fef1c26cd36bd76601bdad51133d0ebb3b33f2c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a8870ead83302f1bfd954456d3b8db4e

SHA1
715f604e581bce97b1995fc8b4f803f3b32b57bb

SHA256
1cbcbb7d80c793dc711490f58d172c3dc3c4cb900f947f3a78ddbc35b8cef1ac

SHA512
b11a023a2f08531fba000a5b45e8042c4bc8420b6be1460617e2f2af99520c5816869d90e24f6b29404c009985da0fbddcdd4aea8abf4bcb507fa71234a4a855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
292a88d43c054690485c571b453d1aa5

SHA1
bf51a2271edeb0d46b21a396d1cae9b4fa2b38ab

SHA256
91af3a41a2eb2940dc0fe492de9131f7e8fd8ada3bd7767df0b0298d7c24c79a

SHA512
cb7fdb55ce4d2aceb2b9fa66bae6bb507510340a4ca2d20c18b8886fedb397399b2a16f5c5483365eefac4e7fbba3284ba41b62fe84ec69076a32c5303c432d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
66c8386697345d1d737633750f2ab58c

SHA1
bf25509d718f293971c5e1c7206b907dbcbfd4bc

SHA256
2284140235b7057784252c23689e020dd36cf4317458d889d130c0baff4db457

SHA512
fc498d8d340f56d488da8d21979ab798f50891bc58b8863053e5d43266c977a29daff12a03a54a5fab1d4737df31ecc95a6e0c5634c08fc1b8b976f134af9c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f6ea8ec90b8d042007d94795a748e9f8

SHA1
3a8976b764d119adf29af6cd5b793ebcfe8e5fe5

SHA256
a9dc50bc0d7937d2901da3a50aac79e005c4227405af30b56d77e958bd2d2bd3

SHA512
518be0af893ec883759d00a4a8a30e47ba2c00ef148550f514ad99218852a10bdfc43bea154672e67190ae953b2eff8d01618b3614fdbbc30e5e3312137a563f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a32eaec1-c114-4eba-85c5-863d61951323.tmp

Filesize
6KB

MD5
881c0a0b889007ed13e145d2ae1e6ae6

SHA1
a41806070c7a2a6920b439078f40c062e8fa458a

SHA256
b4af0a72bf900c99580320b03b0cf6c975fe1c9a4cd4410b85c184a164fdec9e

SHA512
32b2f6e6ecf89e023f920358068ca8eb8dfad90e491906804d5a9958f98f69e5f8d4b606039f8ae05f34c8fd54d786e3127eccdbe66f6640eb7ff18b0f0bf346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
266KB

MD5
d3a65171e007cfa237d8297417876920

SHA1
4d4b683adf30d2cb9498801fd5711607ebfaf77b

SHA256
77de742bcad917f072edc379c122f6b38e85670922a8abbf65609746182758e3

SHA512
7c65d29d7fddeb277a2a1adc18fa1c4311284ea8ad91922f30426d9f8e36add34c8208b3287b6bc64f57b40078cb53b628a9e824fd51c9c5948ec4dc47db824d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C4E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\0d4585a7-f5ec-4588-a385-a512079b9bc0.tmp

Filesize
32KB

MD5
8d10475fd6d4478eca15061f07f6d05c

SHA1
7453584acfa48459aa08fbdccbb0a97d175d453b

SHA256
3fc60f97dc4cceb103337319ec7a61b5b87af672642a2ad31499b1280938f67a

SHA512
293a32f2ac16ac0a86423bb1ed78dc232db8c34cb2be64cd8dc6c1190d86f21f4f9ed1ef9f1633d71c3bdddc323979d7f3857de9aa6fb0fed2532365440cee4c

Download Submit