7195736d327d3bd109efe831581c611a4fe4a3b7db0912b096a8c47f96240f9a

Analysis

max time kernel
297s
max time network
630s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 03:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Timeline_1 (1).mov
Size

11.5MB
MD5

3914976e692378a7dae718ec3d8fc911
SHA1

fee984b29d32463420580ac7d9b354f21edb44e4
SHA256

7195736d327d3bd109efe831581c611a4fe4a3b7db0912b096a8c47f96240f9a
SHA512

3fe6c20b19625b6b88bf6ed0fbfb089ab68c7c8065a9b9a9ca12575bfdc0c577f292f9ce3de91e9153aab19573ca8f9bba5517b010d32a07bd046871990f5e66
SSDEEP

196608:cYigMiW5qLCwahsITG46GGfBDLUwVW5yzwXnmjTWqfCZER9YE4Htd32XWCmP0HSq:lVKqWhrTGRGYu5yAmjEqDYdaj2ASq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2236	vlc.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2236	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2236	vlc.exe
Token: SeIncBasePriorityPrivilege	2236	vlc.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
2236	vlc.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2236	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 1004	860	chrome.exe	31
PID 860 wrote to memory of 1004	860	chrome.exe	31
PID 860 wrote to memory of 1004	860	chrome.exe	31
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 2652	860	chrome.exe	33
PID 860 wrote to memory of 1608	860	chrome.exe	34
PID 860 wrote to memory of 1608	860	chrome.exe	34
PID 860 wrote to memory of 1608	860	chrome.exe	34
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35
PID 860 wrote to memory of 444	860	chrome.exe	35

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Timeline_1 (1).mov"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef78f9758,0x7fef78f9768,0x7fef78f9778
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:2
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1032 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2164 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3388 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1112 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2064 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2564 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1996 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3432 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2700 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2988 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3428 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2528 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2928 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=856 --field-trial-handle=1296,i,3050848264030163376,4836770155224894850,131072 /prefetch:1
  2⤵
  PID:2576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\71a65a95-0a0f-409a-9807-86535a653725.tmp

Filesize
142KB

MD5
4f2f087c7721c15edaaf138b477d1cb3

SHA1
1a509d9b177da7900d153e11b485e4e038677585

SHA256
863e1f68718e44a62f791eaaf3c0654173b579ef4e44af9b7782d8f5fefc74e5

SHA512
8fbcb358432e7f49ffe3b95176623057c396588bd9252ea6203edaad259d0e5efd267aeb418f452197d3efb43429244940e2b45ad50ec0cc4f31a612b9e67052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
976763c946f932868b68197b36637804

SHA1
6877815a2d954672566a258fc666ecc03c2ab774

SHA256
0049adbd14b70bbd8747f151194e130d619c3fc607b821c1e300f2ca638d3182

SHA512
0cc72d1370ae005ff1a87ecf08892fa4bf919efaf6576189d87507e0286430183b1667cea038323002c049feeb26a8352514f3e8b7fd2a40814ee026402daecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e9d7bb75c2835de752c5641289561fb5

SHA1
19b2cf1958ed3e7144f98c13a9d0ea3aa97fa588

SHA256
a44c5e1a4afc2c3a668ca49f1d52f14b9188dffbcb6bb98222288bcbbc5b60df

SHA512
25404e9faf5aea99e2ac95e747c3f6f288533391c395fd97f8da65b5d62f9fe30116e2cac3eeabd826d4f23fc509b918a9325f0fe85a1fcbfe6ca68ebe77cdeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
915a83e76ce482ab1cb7ff404a272ed6

SHA1
573e161d83a546eb3fc179a0c7a507b9a7c6b4e2

SHA256
c5e3c5505f249d4e04017b4126867222205964f559ec1c040ab338b0d12e2c05

SHA512
a8db0108a0d24f5d985791b75b0f26d7af822d637363a08035b4bfb4cd70de8da48bb203a592375a500b1d8cb1acaac418759ca0a341d4574bc8bc14a9304e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d5bacc77-caab-488e-8cae-01237170367a.tmp

Filesize
170KB

MD5
69f85c79dee11ef80dddaf81c1ff0367

SHA1
da2a124193baec7187f75fa32194abb75826ede8

SHA256
bfb3ad9e1cd4244c8cef46a67e993f79d7a3a70660af6532c656c2f457f42821

SHA512
f52dc161acf8286396cb2e00029775adc4b6f9294913324b256814479a921f4d3b86cd1e8d95022b086e3332e681fa745178ac8261a2f30112ab8d0af4819ded

Download Submit
memory/2236-19-0x000007FEF6EB0000-0x000007FEF6EF1000-memory.dmp

Filesize
260KB

Download
memory/2236-44-0x000007FEF30D0000-0x000007FEF3195000-memory.dmp

Filesize
788KB

Download
memory/2236-13-0x000007FEF77D0000-0x000007FEF77E7000-memory.dmp

Filesize
92KB

Download
memory/2236-12-0x000007FEF8680000-0x000007FEF8691000-memory.dmp

Filesize
68KB

Download
memory/2236-11-0x000007FEFB420000-0x000007FEFB437000-memory.dmp

Filesize
92KB

Download
memory/2236-10-0x000007FEFBAF0000-0x000007FEFBB08000-memory.dmp

Filesize
96KB

Download
memory/2236-17-0x000007FEF65E0000-0x000007FEF67EB000-memory.dmp

Filesize
2.0MB

Download
memory/2236-32-0x000007FEF5310000-0x000007FEF5367000-memory.dmp

Filesize
348KB

Download
memory/2236-31-0x000007FEF5370000-0x000007FEF5381000-memory.dmp

Filesize
68KB

Download
memory/2236-30-0x000007FEF5390000-0x000007FEF540C000-memory.dmp

Filesize
496KB

Download
memory/2236-29-0x000007FEF5410000-0x000007FEF5477000-memory.dmp

Filesize
412KB

Download
memory/2236-18-0x000007FEF5530000-0x000007FEF65E0000-memory.dmp

Filesize
16.7MB

Download
memory/2236-34-0x000007FEF5170000-0x000007FEF5187000-memory.dmp

Filesize
92KB

Download
memory/2236-33-0x000007FEF5190000-0x000007FEF5310000-memory.dmp

Filesize
1.5MB

Download
memory/2236-28-0x000007FEF5480000-0x000007FEF54B0000-memory.dmp

Filesize
192KB

Download
memory/2236-27-0x000007FEF54B0000-0x000007FEF54C8000-memory.dmp

Filesize
96KB

Download
memory/2236-26-0x000007FEF54D0000-0x000007FEF54E1000-memory.dmp

Filesize
68KB

Download
memory/2236-25-0x000007FEF54F0000-0x000007FEF550B000-memory.dmp

Filesize
108KB

Download
memory/2236-24-0x000007FEF5510000-0x000007FEF5521000-memory.dmp

Filesize
68KB

Download
memory/2236-23-0x000007FEF6E20000-0x000007FEF6E31000-memory.dmp

Filesize
68KB

Download
memory/2236-22-0x000007FEF6E40000-0x000007FEF6E51000-memory.dmp

Filesize
68KB

Download
memory/2236-21-0x000007FEF6E60000-0x000007FEF6E78000-memory.dmp

Filesize
96KB

Download
memory/2236-20-0x000007FEF6E80000-0x000007FEF6EA1000-memory.dmp

Filesize
132KB

Download
memory/2236-15-0x000007FEF7790000-0x000007FEF77AD000-memory.dmp

Filesize
116KB

Download
memory/2236-47-0x000007FEF2FA0000-0x000007FEF300D000-memory.dmp

Filesize
436KB

Download
memory/2236-46-0x000007FEF3010000-0x000007FEF3072000-memory.dmp

Filesize
392KB

Download
memory/2236-45-0x000007FEF3080000-0x000007FEF30C2000-memory.dmp

Filesize
264KB

Download
memory/2236-14-0x000007FEF77B0000-0x000007FEF77C1000-memory.dmp

Filesize
68KB

Download
memory/2236-52-0x000007FEF2B90000-0x000007FEF2BA3000-memory.dmp

Filesize
76KB

Download
memory/2236-51-0x000007FEF2BB0000-0x000007FEF2BD3000-memory.dmp

Filesize
140KB

Download
memory/2236-53-0x000007FEF2A80000-0x000007FEF2B86000-memory.dmp

Filesize
1.0MB

Download
memory/2236-56-0x000007FEF2520000-0x000007FEF2567000-memory.dmp

Filesize
284KB

Download
memory/2236-59-0x000007FEF2060000-0x000007FEF20AE000-memory.dmp

Filesize
312KB

Download
memory/2236-61-0x000007FEF1FC0000-0x000007FEF1FF4000-memory.dmp

Filesize
208KB

Download
memory/2236-60-0x000007FEF2000000-0x000007FEF2057000-memory.dmp

Filesize
348KB

Download
memory/2236-58-0x000007FEF25E0000-0x000007FEF25F1000-memory.dmp

Filesize
68KB

Download
memory/2236-57-0x000007FEF24A0000-0x000007FEF2514000-memory.dmp

Filesize
464KB

Download
memory/2236-55-0x000007FEF2600000-0x000007FEF2661000-memory.dmp

Filesize
388KB

Download
memory/2236-54-0x000007FEF2670000-0x000007FEF2681000-memory.dmp

Filesize
68KB

Download
memory/2236-35-0x000007FEF3900000-0x000007FEF516F000-memory.dmp

Filesize
24.4MB

Download
memory/2236-50-0x000007FEF2BE0000-0x000007FEF2BF5000-memory.dmp

Filesize
84KB

Download
memory/2236-49-0x000007FEF2C00000-0x000007FEF2C11000-memory.dmp

Filesize
68KB

Download
memory/2236-48-0x000007FEF2C40000-0x000007FEF2EF0000-memory.dmp

Filesize
2.7MB

Download
memory/2236-43-0x000007FEF31A0000-0x000007FEF31B6000-memory.dmp

Filesize
88KB

Download
memory/2236-42-0x000007FEF31C0000-0x000007FEF31D1000-memory.dmp

Filesize
68KB

Download
memory/2236-41-0x000007FEF31E0000-0x000007FEF320F000-memory.dmp

Filesize
188KB

Download
memory/2236-40-0x000007FEFB4C0000-0x000007FEFB4D0000-memory.dmp

Filesize
64KB

Download
memory/2236-16-0x000007FEF6F00000-0x000007FEF6F11000-memory.dmp

Filesize
68KB

Download
memory/2236-9-0x000007FEF67F0000-0x000007FEF6AA6000-memory.dmp

Filesize
2.7MB

Download
memory/2236-8-0x000007FEFB350000-0x000007FEFB384000-memory.dmp

Filesize
208KB

Download
memory/2236-7-0x000000013FA80000-0x000000013FB78000-memory.dmp

Filesize
992KB

Download
memory/2236-39-0x000007FEF3630000-0x000007FEF367D000-memory.dmp

Filesize
308KB

Download
memory/2236-38-0x000007FEF3680000-0x000007FEF36C2000-memory.dmp

Filesize
264KB

Download
memory/2236-36-0x000007FEF36F0000-0x000007FEF38F6000-memory.dmp

Filesize
2.0MB

Download
memory/2236-37-0x000007FEF36D0000-0x000007FEF36E2000-memory.dmp

Filesize
72KB

Download
memory/2236-64-0x000007FEF67F0000-0x000007FEF6AA6000-memory.dmp

Filesize
2.7MB

Download