be4bb8b3a5255dcfd9f65de5f9249ad72a3f33db3aad1541936614e3917cb56b

Resubmissions

09/05/2024, 20:07

240509-yv94eafb63 10

09/05/2024, 20:04

240509-ytb5zsbh8v 6

Analysis

max time kernel
40s
max time network
142s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

view.html
Size

83KB
MD5

6b92c6775ae8f622ddb7235b14934094
SHA1

83d3c43d1e44e7d3059f6b89497d8e6d084db236
SHA256

be4bb8b3a5255dcfd9f65de5f9249ad72a3f33db3aad1541936614e3917cb56b
SHA512

ca9686c63e836045eb4eeae49e4a8bdf6fd921cbc13a7d969e9c3749617eb9ba3c3ff3e39763b9d0dae5d405c8ac18c83184af0d882e01e717ab0c1d41a39eb2
SSDEEP

1536:/6nzVs49wetijlbztQFKFwCo0W1Wh+1pE:Cl0jpt8z0b

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	drive.google.com
19	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2012	2360	chrome.exe	28
PID 2360 wrote to memory of 2012	2360	chrome.exe	28
PID 2360 wrote to memory of 2012	2360	chrome.exe	28
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2708	2360	chrome.exe	30
PID 2360 wrote to memory of 2616	2360	chrome.exe	31
PID 2360 wrote to memory of 2616	2360	chrome.exe	31
PID 2360 wrote to memory of 2616	2360	chrome.exe	31
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32
PID 2360 wrote to memory of 2644	2360	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b39758,0x7fef6b39768,0x7fef6b39778
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3196 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3448 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3756 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4184 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4368 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4672 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4008 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3628 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4632 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4696 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4284 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3988 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4680 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1076 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1044 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1264,i,7750905100561157047,3630135527849200484,131072 /prefetch:8
  2⤵
  PID:1984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5465a734-1a86-4141-8513-1364c17195ad.tmp

Filesize
7KB

MD5
952a401b245bfd45dd6d55e144469d08

SHA1
e6ba858388a68189498c22d1dc4ea11bd4074a12

SHA256
0b1112cf03441717f53a8fe0e82ee441337e6cc84e27a3b0d85bc8b48fdadf4a

SHA512
720648c1f57c1b0884b7ce6c0cef7331636a056b95181149248f398ddcc80a052118bdad8cada4a4716f38e6f8bc6b9cdfcafec5775044cb696ef6dd5663e0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\897c5be7-9266-45af-9c8b-ab6215cf4d86.tmp

Filesize
7KB

MD5
7dc7187bf813685d101bf9a5b0049f07

SHA1
56b9af98583136419a8e24158ad7bbb9bdb2212b

SHA256
9362f109068c4f3685fb8e6e7a1882311d7bb270cdfb3352c9cb11b76dc112d8

SHA512
9d9282be26b580b3d00092820582ead8803d8ba761b1ac662238c55ddf8e851df0e27f780add18bbe5afd973e4a26f638752f44f38c1a828924bda68edb07e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9159b7cf-4e13-4d79-87a3-42c944a98b13.tmp

Filesize
6KB

MD5
b0cef59a0b9f2beca5841ea8edf65d20

SHA1
c122284afee7cb516bab2d880830932faaddc2c9

SHA256
3c0fbacb732991676945ad6642289b5a4945fc9fe41fe7bfd47fe6b63b989b71

SHA512
d346f8322c1a1fa2b1bea6b8f72466ad4ebeb45f52acff9ccd3862555c749658c77a662e1a1929ffbf6251fc545407caa455560fc0d2b122afd21996d2c2b421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
2a493415be496b9bd34ff8361a61eb31

SHA1
febca152bc5b1e9cc2dd14f2c996a1bb79858758

SHA256
69eb56d9531e7f2506b26e34d14086dc4b581d641afb4d86fe4393aa6179562b

SHA512
3a4ff234bbb781efb9ea264ec59b8708b81a7ed8e300e7a52dce722a0a917b9e68b8622abd54706a05a3133191fc89742bf371ade3395dbd0ece3cc54e7c5ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6a39b89eec86573a0094187aaf3b570b

SHA1
cdfd555f7bef12d2fb2e3ef8ae48f8db650ac449

SHA256
8f33205071b0a8aef4813498b9cb302dc68b8de9c4d942cfc4c397bd15a73ea5

SHA512
1534c1cca2e8b541641181c0e5e6b2fdbd596202012f0f8dd06d861baf94160cafc36ebb1a2e60e3b6283d5c0f4e7ef1898f3e5e084086134b5b785871062b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
87840284ef5020e1592b6f04833f1bd4

SHA1
7bc95270d5518130ac164bc7d2b9baab5bbfb950

SHA256
d6023638586bdb05ae3c26048aa5bae6ebe3b71a2711bfcb218eb7e31f11221d

SHA512
c9bfeb24bee520cbef81cca2d8f2259aba5451026eac5474163bece01596b658cf261b9ef1a8eac11a1bb94d0f9ea4927e52abf56fe04b00383c1b9223fc7425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
147cc7deec060677e9568ed69d9a4c49

SHA1
b3c98ed78ffc8d74729e37bcf03fe151145c4ebf

SHA256
b3accb31a4cbbbc4d2b84669dd0daabdcfe3dc8292a6f0e02d85acd75c017926

SHA512
2ab0106764ad9ddf3e9ab5172698df6d8c55c4914b42ae65fae6f85c7d92bd484e976d0ce881de85c31921ad187812edde3694ef6e83041d34c9d7d454e0bae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
011d095a661ced98fdf0460770daada5

SHA1
3294ba0945c7e81dd1235bb3d906e2d70e00692e

SHA256
6ea774bd0f0d09c94eb1a8b3bea8ee4695c1015740f3b6741f6d235a0ac3fbfe

SHA512
22a04c3631ec44ab953d963454c635b3f8fee51e2375c12a3c851de6c95acbf579f2b6bc68049141b3f192ef47d8f11fa0d6e84c5e3ab937ab6aaacb18dfd5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
adcc7bc971c1483abd81425708ed90ab

SHA1
123c93ef793f9874ca7c5dedc473cda06d4c7bab

SHA256
779f10ab3e3c10473343ec9ddf2d50493a713d20f0f548c367f020ee71b4f2ce

SHA512
199f785cabda95bdc6630b070124bd689dbbe8f1b46a4ba9a3b71ece0141161d58ee1b304114a661cbc19663f6684d547294a54fd689dbd0cbe54eeba7d14dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5f0aad873c3f16c7838b274ed463de95

SHA1
bb71c6d51296a9fa0b0c74e05b91cee45188284f

SHA256
1a3345a3d9b4b1ce20e7b8ccb232358bd56d9bdb01661763d43fe00ad2e4ec2c

SHA512
0db61f26ad73ab42655bca33ce51ccb3010300655b9d564c55c6b32725dda1533cfac9fd28a4a4eacde305a082ce7ad59d6e96d3af7154282b80e2d92920396f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a75441d476f08ab5bc657336a78af790

SHA1
d50778dd5a394f4ea8b022c23e6f3ccfa2a52b9c

SHA256
24d0ec3c2dd20e9d2f9d584abe3cbba6f95bbe8d46bde0fe61ee1e1b28486eb4

SHA512
f5ca5b4a1c41a6a185d79da36bf5d2795dc812b13e8c3f54214d5c0baf557eed440524a91b95422b3f2f95261c7edf8b49015f3596c4da4785248bd17ade351d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf772388.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
7db8703f1e34bb954341965dca6871e4

SHA1
78c52e460900612f217be7ff4d9fe040bfee20d3

SHA256
15d27b245e6606e4fdf258911a836928e87736183af68fed3f1b47530057b9b7

SHA512
0721af8ce58cad6b51879f6ad2b21667a38240d30475931c5e18aa79550fc190da9436f6eec932600fea4e636f7a43bf7a1b6ee1877676f93869d76d69150c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
80b1ed1c91bf662b2e84c2e7975c869a

SHA1
c550f4ced4c2da330f79fb655eb201a070138f59

SHA256
097ef46a917c086177b90ce4776847c73c581dc8fa523ccda3452e05b5b9633e

SHA512
0954b143249c21b3c07d8998d894b6230fc25e6ae23cba38fd4bede66b30ebe1b02c837336e506d7359edbb9fd959c53bd48240a64f8bc6d4549cfc65961a0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
79KB

MD5
232bd0cf0416aa16f5daa709b156d454

SHA1
c4ff01244ac4313f67bb7e2f21e5816406baac81

SHA256
351650e2e8b7481854c51f7a97f1e435d9ca82603930274565b8d0f0e4a14112

SHA512
bfc7e17fec254eac154ec8ba845eb403c499d246ef5fbc75b6e8254a07545f077c446cab6bb8c622d688a6b195c3880f01f5e614296c67e090f612501623cda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
3b5cf0915be31ce3adf600cf401a1bda

SHA1
41df4146f1056f6a5ab94c7273677d31ba32b59a

SHA256
a65efd334ea7b68f970badb93d3011692e19e3f72b10f41adb2fc52fac1cc2fc

SHA512
6875f7093a7ce1a5b2848c08ef6e04027ba6f8649c77dd6b1628dfd049944a3b297c95cf99d898026b39084e1bce67466efaa7ea0a5533f443273238f53c72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE631.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\x64__x32__installer.zip

Filesize
36.1MB

MD5
aabff70f84ad21c2414d165c7fb550f6

SHA1
bfd56f4dc8e884c532f4059ea72b700c90fec69d

SHA256
ab194da6e357aa35d154f61fe34464f7157b40955f3595d019324cf61bfa4659

SHA512
61961c66225becda43b28a9a4314a96f6fa645e87bde51858ba6fbc50a860f55e6e40917b5ad5f0e15a65b33048900f1ff0ce0953edcc75984532813ce39fe36

Download Submit