659d4b153571852431474cd0a9c5daee61173496e8840c3bff75c7fc3d045a2f

Analysis

max time kernel
116s
max time network
147s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 14:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe
Size

2.0MB
MD5

3502323cf8b6796aba244d3a1dc093f2
SHA1

bea5bb5525de69fd0a3540607d154d83255e8dec
SHA256

659d4b153571852431474cd0a9c5daee61173496e8840c3bff75c7fc3d045a2f
SHA512

f1715339bc0641c65e276c843368bfe51d3ad48ae92f07a20724edceb7b7a96baa7ba37410ca7ed65a4e08e6678d96363c84d85dfe7613662f2e20876d622278
SSDEEP

49152:CVlXWWakLsmF2t3C/xAl5ynxNjxar2u+Ye6v6NWM:CDGWakLNcCpA5OLxar2Fq6N

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe
Token: SeDebugPrivilege	3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1848	3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe	29
PID 3000 wrote to memory of 1848	3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe	29
PID 3000 wrote to memory of 1848	3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe	29
PID 3000 wrote to memory of 1848	3000	3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe	29
PID 1848 wrote to memory of 1660	1848	chrome.exe	30
PID 1848 wrote to memory of 1660	1848	chrome.exe	30
PID 1848 wrote to memory of 1660	1848	chrome.exe	30
PID 1848 wrote to memory of 1264	1848	chrome.exe	31
PID 1848 wrote to memory of 1264	1848	chrome.exe	31
PID 1848 wrote to memory of 1264	1848	chrome.exe	31
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2276	1848	chrome.exe	33
PID 1848 wrote to memory of 2504	1848	chrome.exe	34
PID 1848 wrote to memory of 2504	1848	chrome.exe	34
PID 1848 wrote to memory of 2504	1848	chrome.exe	34
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35
PID 1848 wrote to memory of 1844	1848	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3502323cf8b6796aba244d3a1dc093f2_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-popup-blocking https://www.facebook.com/2552962521606528/posts/2562718393964274
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66c9758,0x7fef66c9768,0x7fef66c9778
    3⤵
    PID:1660
- - C:\Windows\system32\ctfmon.exe
    ctfmon.exe
    3⤵
    PID:1264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:2
    3⤵
    PID:2276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:2504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:1844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2080 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2092 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2428 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:1560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2552 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3336 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:1156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1544 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:2
    3⤵
    PID:1716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1772 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:2752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1364 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:3040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2472 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4008 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:1852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:2568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2468 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:1344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4216 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:2884
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
    3⤵
    PID:2696
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ffd7688,0x13ffd7698,0x13ffd76a8
      4⤵
      PID:3040
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
      4⤵
      PID:544
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ffd7688,0x13ffd7698,0x13ffd76a8
        5⤵
        
        PID:688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:2568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:1636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4176 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:2144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:2480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1540 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:1
    3⤵
    PID:2748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:1576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1328,i,15961126790987694428,5838519127401610180,131072 /prefetch:8
    3⤵
    PID:3060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240511141910.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7f39e7e607401748d8b53bd269cede91

SHA1
77d2745793105064da626c8d19639589b61b86e1

SHA256
5ce8a0a5b29a302c87b6b634d5a4517fc9a92d4633d2c585b27283687c7b28a9

SHA512
cd7eb28cf11b97f5f6aaef38c8bfdda32f6be9080b7e5480a27322a4ebbf03562c9360a9507fd75fef5dfb450e54724d0993feaec0c7d4832dca66686b56828d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ac9fd7357bc721dfc644af08a163d9ad

SHA1
36be5ef2569e2d0caf3216efc0b25600128e2a83

SHA256
77a513ee2fb413b12ebdb56c2871be72dc134aa7af7acf300d1a5fda7f2cc8ac

SHA512
98a40ff4b66b0fb0a694dd7ed27d6ad2f3bbe0c04fb49a9a0d5270e6c48ff5864e8aaa5efc47ead660de6641b42c2fcd73136cd7c876ea1913f99265711c1b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
e471d0743509979d7e3c405678fb0fce

SHA1
7f8e7db6c2619a81ff96fcc3c20f6c329e283bef

SHA256
11da13d1d38b48a3a4d4b675eda4227b9b3228aa25f598e61ab1a33756385886

SHA512
061adc619325d7ca97050b25825050835fbf3a12d8ec390415caf489e9c8ed0654ad7fe5a28b0dbf0e3b1aee124068f32fe60f4248a94d8711d08b1a1627c870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
0b0c607eb352a0976d649ac780eb04a7

SHA1
864c2cfba46dd79f13eaebbf1426ffb2905a495a

SHA256
a135dee254297a5ad8710838d2a164bfa77751bec6f2ee1df110936f562fc2d1

SHA512
f242a46b53dbcf60b336c45c492a965d3eb2bf45453c9600a96e4bc737ed1c217dad3e44a26e036b54f09198b5cf947f8bcbb7f688a33c813bbfb8f6cf7a8dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0091185-84ff-404b-9f38-b59f4b69cda7.tmp

Filesize
193KB

MD5
ef36a84ad2bc23f79d171c604b56de29

SHA1
38d6569cd30d096140e752db5d98d53cf304a8fc

SHA256
e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

SHA512
dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fc9546ea-b9ec-42d8-ac21-1c48b1e4f431.tmp

Filesize
8KB

MD5
5e5b56a01ce10092148f8d9c680726b3

SHA1
bc51542908ed4111b2cd752fcf0b406df080837f

SHA256
5928245fce363158f29fbc8609689bf3b8e3314652d912cab6427d8863de1791

SHA512
44be5cde7628f5db2fc3324396f496d327a3cd16e5333ab21cc68a296655848fb73950ac72ad0e8ffba86ba6857aea92246627609687898cb8610968ac384edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
9fe3d9beb7cc84d504b73d041ae62012

SHA1
2ff8c130f12a7858bcab91b708572b17cfda50b5

SHA256
edaaec8e1c07cdc1156620ff9ae64dab5946aaddfec53dd30dffd28ebc813692

SHA512
5e2aed7f8d64ab5cb3734449b5b972775fdda975b54daf2164791f305cc646c0250cad73b187fa4e10c8ebb2893725454023f7b855ce8904b58f2df30fc149e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
943489a2a3a77240d4f7c6b091170a55

SHA1
1f4649380d4f47fc7faeaa15b3423b6750c80b41

SHA256
cc8992e0f020c06c0a7f2267e72d36854073839268ac572323803d7b895f7991

SHA512
fd36f6497b23bf2148e90a77601c141de14bd480149b3f47407ba1a1593108905d1740a722f99790e2caa6279a4201a24a07203348cb2fea59ae949953af5ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1EF8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FE5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
9KB

MD5
a69bcde314a80b1be6c20db5703ea87d

SHA1
0869679b507e3d6d671862b16de63b9a6a96eb1f

SHA256
f9fecf450fa83d411f85d4d12794a08ddf0df9afd9d8ba42d8bd249ffe596c3b

SHA512
a5b24baab818af151b3cb84ed697c5e6e8e1909b590161209bc9b5cebc23c227308aa668ef3eb0c9e3d176e5ca6a673be9d104c68657e2c22cccebe24f60a696

Download Submit
C:\Users\Admin\AppData\Local\Temp\f758429c-3736-4679-bcaa-e3ec52c13766.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1848_1427992699\69cb54f1-7c75-47d4-a5f1-58f18887e621.tmp

Filesize
1.5MB

MD5
76cb4abf3cd8c71b2f182546e223c50b

SHA1
af3f49779bb516958cfd7339f8ae5b369cc955b3

SHA256
0f931ef68b73d54c7badb15ce19ffe79a9ebb6489ecf86a808cd57b3874404d2

SHA512
7cae63631cba320ba4f12a33d983877bdc103f06d14a1ae4b5e77637d50e14e527c82eab72b20eb3c562b416cad5980daac29a4bd28bd6b64488e4700ec9ea88

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1848_935585974\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1848_935585974\fc1e1a5f-0109-4e64-a549-8d3a7839b6b8.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Windows\TEMP\Crashpad\settings.dat

Filesize
40B

MD5
c59c82321590b921a162cf569d82d1f6

SHA1
f16cfd29ceb10a6baeefd2fcad3187cfaef9128d

SHA256
9881901ab44cf7ca648c6cafa212b29ed9730ef4411dd45a9923a98ab344091e

SHA512
aa1f72cf975fb318917d838b008a36cfbbe8f5035b4c152bfce7ebd37c1e413ed6dc9086eefc3f29c26ba2417c3920be2069e7f9f457ab0d18649feb0d63ff79

Download Submit
memory/3000-0-0x000000007405E000-0x000000007405F000-memory.dmp

Filesize
4KB

Download
memory/3000-1369-0x00000000062D0000-0x0000000006492000-memory.dmp

Filesize
1.8MB

Download
memory/3000-23-0x0000000005400000-0x00000000054CB000-memory.dmp

Filesize
812KB

Download
memory/3000-2355-0x000000007405E000-0x000000007405F000-memory.dmp

Filesize
4KB

Download
memory/3000-2356-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-2377-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-2380-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-13-0x0000000004500000-0x0000000004510000-memory.dmp

Filesize
64KB

Download
memory/3000-7-0x0000000002120000-0x0000000002130000-memory.dmp

Filesize
64KB

Download
memory/3000-5-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-4-0x0000000004E90000-0x000000000511E000-memory.dmp

Filesize
2.6MB

Download
memory/3000-3-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-2-0x0000000074050000-0x000000007473E000-memory.dmp

Filesize
6.9MB

Download
memory/3000-1-0x0000000004CB0000-0x0000000004E8C000-memory.dmp

Filesize
1.9MB

Download