2d6eb433e813b2a938e494408091a0a5453248214951e548140f199f3e8c60cb

Resubmissions

14-05-2024 16:25

240514-txchpsef38 3

14-05-2024 16:20

240514-ts6wraeb5s 3

09-05-2024 18:00

240509-wldmqsfa5x 10

Analysis

max time kernel
30s
max time network
78s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sorry your not sigma.jpg
Size

309KB
MD5

fab5851613dff70a9c68608ee9dc4764
SHA1

83c97e70aa1f83554fa80e6b425ceea5b653f877
SHA256

2d6eb433e813b2a938e494408091a0a5453248214951e548140f199f3e8c60cb
SHA512

6afbb1fb0343bb9b6b672a3bab68b00e4a90ce3d5156806ca41affd5e392ab79e90de681d0fb4d3bb0523a7b1a1d3439ea65393bff09fcd55907bc8ef3f6ac4f
SSDEEP

6144:HyTONaEEn4ykLsUHgEQ3FCbv0/AjRkKjNNSF9dP2+cqhhuCYz+i0M7m1RtYViKj0:HyTTEcVk4Uq1YIAeKjrSFDPhckuz+nh5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2652	2604	chrome.exe	31
PID 2604 wrote to memory of 2652	2604	chrome.exe	31
PID 2604 wrote to memory of 2652	2604	chrome.exe	31
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 2252	2604	chrome.exe	33
PID 2604 wrote to memory of 1004	2604	chrome.exe	34
PID 2604 wrote to memory of 1004	2604	chrome.exe	34
PID 2604 wrote to memory of 1004	2604	chrome.exe	34
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35
PID 2604 wrote to memory of 1948	2604	chrome.exe	35

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\sorry your not sigma.jpg"
1⤵
PID:1936

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5eb9758,0x7fef5eb9768,0x7fef5eb9778
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1444 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2100 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1824 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:2
  2⤵
  PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1340 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3788 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2528 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2556 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3892 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4108 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1208 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2088 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2716 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3852 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3620 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2580 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3952 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4048 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2564 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3664 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4248 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3680 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2104 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3912 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2576 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4488 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4108 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4420 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2576 --field-trial-handle=1528,i,12253187450008416726,4615493145662992840,131072 /prefetch:1
  2⤵
  PID:2068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cad872b7e4d26a659fd547ace151e9a1

SHA1
3971f5198924a43a1067209022563b291d379d69

SHA256
ec1f57b472e49122c9b749d9a7fee3be52241e14d1dc4f3a38b567f4f7690c93

SHA512
9c8332a66b0732294ecf3c2d8259e0bfdb70f39decb048d00c50a2fbde0f42b3aa53edb4e94ba27688b63e7976e56a2eb7c0eab1caa774a55cd2ce04ad982b55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94ce4b4f9bc4a6d526ca21401c4c6e3f

SHA1
edc8b5e5bd01ae9e4e1c3ebc0f1a5687f1081b54

SHA256
4851088bd6f22e38c6c23d02ffcfaea6b8b0a25df07bdb86d46d0502a0d91d18

SHA512
39d81403a1af569a8648ae24fa89c9b790ce223d7161e47048eb7244a21ab836d6068b8552e2758f2586262d20d56d088b421b68b86111301f4154aafb3fdadd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05a354a6c0b91ea0aa3726d95f1e10fa

SHA1
5e5216881c65e2c2c6a0568f9a0f3aef16039fbc

SHA256
cf13d4f16dad705dbb5bac414ef7d0aa1731c90e9c46dd16c08dd9568c62c131

SHA512
ce474b2cdbb04efbf924eeffa322d734c3f72766603a471dd2b238d45e0e3fc718d4907137f04733fb047a7f6ea56d1df3b12b100a069a1415b742838fe31a8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af08f760f1b396ba783cc647e6402c7b

SHA1
94546afbe44605d58ccd9e3e0175e3af54109428

SHA256
bf385713e8d9d6d3c0618d549357483d5581d9d6cf96abb6e243989a7aa69953

SHA512
6869d3d2a581033f59bb4b0bf22448e3e86a6b3dfcff893edf9226501c3e82c2566dbe0c6095b4b7436a91dd2bfc61a88fbcc155377533b528b6d3a12ffd336a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
022d9d228a2a832199e8878adcffdfd8

SHA1
2c268557df3df82fca552b1ef28231af5ef482b9

SHA256
c28b0012d94d994925e53459661024bc0eb31c4214c707603c8da1d843666a5c

SHA512
5093314315abeacda8e07bbe9e26e2e3a30f2d31df62ebc1fbd0543b3c0bcc6f65d65f205cc57423002460827258e702e9160303f757aeb50c461f7ad8eae88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7f23d535acf41edd1f178efb507b52fc

SHA1
bafa8c1158592d660b4e5c55af6d3fac2c190ac4

SHA256
306b4c2895629617525ef6e236a7450db2ba2de671de983804c51fd6bcfb493c

SHA512
b47ce01b9a73eacdad4b818c1a3f6d8ab6e103fb7f589251262e719408c76dd984489353db53b4b1da1ae556df4ab74a9c34ab71b8562e40a1c965039a6e7614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf76ed6b.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
0057255ed1af5d2e8909b0857fec683c

SHA1
b887e3905cff5632646ae8d38191a52f0a8b8034

SHA256
b888f349b662b288ff8b75467f2814d4f0c6da62b07bd8c6f3533e0ce99a5604

SHA512
5134a819d7553d5d5eb1d6a445c7c4bac474521fe17b5573c92f1b5fd5d5e059417c77e950f617b7da86aad40935fe3b0ba4f2c7250d12fab36ecaf52562928a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
6237e1c9a8c0b4796663418e51f44351

SHA1
54d3fffc09a13af319eda79c41f96f96380588b5

SHA256
75b725fd170345a6895ec9b24e0e91d14b12ca50f4c54961ab7427ed5b5d31a6

SHA512
6f3fa6fa6b2b29a2c2f613f640c2f3b5e649f5eccf7628b46edb0118e3d2f6665609f4927984d6a06e188c0bbb569f8eb1f218ad8bfe2ac3559eeaba08ec4ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4432bc9d6044670d470844dae728dd66

SHA1
69b32d75cbcad0cddf43578673988f648a10619d

SHA256
75f34aec1b45a5f86f1d1c98bc8699a6f194a870e77e3783476be2a8c82d7724

SHA512
af6e50b1d3a71bc05285298230bd7cb712247aa02aeb5617b3ad50f682c7835aa86dde30f386f25ebbb10268fbe24a6af89af82b417b5becc6817ca3f59e8a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54fccbd6814397c99336d6b0096184f0

SHA1
8b8d57baffd8c32c4e75f2ecbda528cec2632cc8

SHA256
e80d48dbd215e5902839ee6e5db637598e4b500afeb6660b32510d1a4c34cac1

SHA512
bd8241b8206a17293504fac64a8954fb4e6c439cdd83724948abbdef4b4dc3f790d57fec60941bf489cf0339d67c4ba9dec3febeda7983cdd024a46c2ec6a625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
af5aefc3fcc78eb82a8f1e7da52d576f

SHA1
a8f441f2d9daeb68c13b2ceddfa1e406f19dd8ad

SHA256
810996e95eea2068337f35317d73b55c77911cf39b633b559d30786f6187ba55

SHA512
674fd15707b862c285286d54746054509d83b301f2ea2ebc947913a188fa3b3dd54bc018df443badc8e63c08156c8fe2ec8234922fcae7128aaaa015ced213f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
35317d8167a35353bbea83ae9208b135

SHA1
539649bf56e29c7674fadeedcc3e9ee918303f1e

SHA256
758dcb1197d47f01597c67ac00fbe64ebc181756cd5d1fdf136712ff057491ad

SHA512
e4515795aa5a33cfee050558e39fe054d89e93b6783a6ed5a6b982412be7ed13f2bc3e664f458860f84e7933b0821081e7871f4a6adbcb917279aaaf7b367ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
86dc4290447357e81e3d18972f0e4cb1

SHA1
2d3f06b7cc3dd3c13f892b59547adb4eedd74b87

SHA256
78fdd4a22d11621ce44dceac9f5d8b83cff62927e8dc36d84d940cb35273941a

SHA512
d15e9530502dd69ba323b5080676afa0e2c0a6519601b37a6b5808b4b809439ac06efc7cc995ab8c9c1a86bfd5c5bb9a4e440177da982912d6293e7d7d70e08a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
cedc64915f652b33ba04c47325b3409c

SHA1
e54783238fb51dcf72458558924c2fbbcd132b69

SHA256
1a5516d72c87c2c8c95f0d4f04a56cd3c7583c5c6d6e2d410f2e78292334cb05

SHA512
5351803ac5c14a502ceeac6cb3953526ff7c76963f2f916616c80a27930de5a3766941511cf5a7efe50d33df7c24dfd7ee92408ded9ea7469477fa9f09051968

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB4B1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4B4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit