3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3

Resubmissions

11-05-2024 21:03

240511-zwbgxaha9v 5

11-05-2024 21:00

240511-ztaslabg57 5

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nRi28Wtqb1.exe
Size

5.6MB
MD5

872b0fa8c0306040f181d08c5d7a252b
SHA1

a08cf74361c96aa4d7e4503af6563c63b95f1973
SHA256

3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3
SHA512

23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277
SSDEEP

98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

nRi28Wtqb1.exe

pid process

1936 nRi28Wtqb1.exe
1936 nRi28Wtqb1.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

nRi28Wtqb1.exe

pid	process
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe
1936	nRi28Wtqb1.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

nRi28Wtqb1.execmd.exechrome.exe

description	pid	process	target process
PID 1936 wrote to memory of 3060	1936	nRi28Wtqb1.exe	cmd.exe
PID 1936 wrote to memory of 3060	1936	nRi28Wtqb1.exe	cmd.exe
PID 1936 wrote to memory of 3060	1936	nRi28Wtqb1.exe	cmd.exe
PID 3060 wrote to memory of 940	3060	cmd.exe	certutil.exe
PID 3060 wrote to memory of 940	3060	cmd.exe	certutil.exe
PID 3060 wrote to memory of 940	3060	cmd.exe	certutil.exe
PID 3060 wrote to memory of 3068	3060	cmd.exe	find.exe
PID 3060 wrote to memory of 3068	3060	cmd.exe	find.exe
PID 3060 wrote to memory of 3068	3060	cmd.exe	find.exe
PID 3060 wrote to memory of 2156	3060	cmd.exe	find.exe
PID 3060 wrote to memory of 2156	3060	cmd.exe	find.exe
PID 3060 wrote to memory of 2156	3060	cmd.exe	find.exe
PID 2592 wrote to memory of 2148	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2148	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2148	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2396	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2412	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2412	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2412	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1328	2592	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\nRi28Wtqb1.exe
"C:\Users\Admin\AppData\Local\Temp\nRi28Wtqb1.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\nRi28Wtqb1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
2⤵
- Suspicious use of WriteProcessMemory
PID:3060

C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\nRi28Wtqb1.exe" MD5
3⤵
PID:940

C:\Windows\system32\find.exe
find /i /v "md5"
3⤵
PID:3068

C:\Windows\system32\find.exe
find /i /v "certutil"
3⤵
PID:2156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c CLS
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6519758,0x7fef6519768,0x7fef6519778
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:2
2⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:8
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:2
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2040 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:8
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3320 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:8
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3972 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3740 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3948 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2768 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4076 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2408 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3800 --field-trial-handle=1376,i,9546980847152213685,5898037060402784760,131072 /prefetch:1
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fd1cc667797743e8368cb53e3afe458

SHA1
80504d4da129488569c1fc0bdf701550d4756444

SHA256
86168d385ecb64f629faf33bc20bc08c84f04e254ff3b2e4671d66e2666c4feb

SHA512
aa7a39b6aa912d9a2f82756eac6b52011b9d969d40e48845734647b857db7e1d273610dce1f5c59ff535eaf5a3cd5f7e4877fc4836bdf692b2f11b4677b78f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
349509d1a713938781477eac25bac496

SHA1
e9188c545a2a3ff551b39b0ec46b7f8b2316f2f5

SHA256
59dfbb2ad39d57409c9bc0b793253d401ba5ece9f64fb311dafba4131d91645a

SHA512
61511de76ae8914e0ffe9ea6b1c7a8c313fe26296011b8c38f857e2820a52f4059871210d3c33e7f04d004ee7d42c45f2620a6adf01927a71b7cafce56b9cfb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
91184718d8612ae243575e437744f555

SHA1
156b9822a825fdccfdc948b951a9f1fa3c15022d

SHA256
23a7d0d9f2ff07c2bcd2c1cb596531c4d69899d9bb9a79f2a62058cf56ce101b

SHA512
aac4f225814c615b2980fcdb054a76957bd91a6d6153a7f9769a45e6e90c508d63ac96f667449a7949a51e62e19863f665e69172eec20112c4cc7770b262138b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8a515a62e31b4e22ab64735dfdc7810b

SHA1
7bb0dc79a991ab53308a21d50c0c2734a65452da

SHA256
b3c7849e480b00e1abb18471c097a06ec1090c5174710159022a0dd1d050a33c

SHA512
939c23ab198f0b1185573a9b82d56df8403155b56faf0fb65dff6db52a46f9cbc40f46ff0d05ae2359e28d851a1b1541c3070d77205a04c75e0785089f61a489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
606568a75c7a93080fadf75e3de3d5b6

SHA1
f91707069881467158abf1cec803a004140172ba

SHA256
362e5929333fc13123fdfb9614de85a4c435e197aaaa48a318cf10c9c330f55f

SHA512
656590631fca45aa075752d30d7063230065bddec18260645a50b7dedd68669e13d0b6e5a38ce6018e3d3786760258d6c19a7dacaf58bca2333d4cf9ce5dd745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b0b76eb9-641b-4dd8-938e-eeef82128dbb.tmp

Filesize
140KB

MD5
12bc215de11d3f3d965e3ecf6988129c

SHA1
4025e46e4164ddb6d15f88b19666cd4017f4c015

SHA256
443f5d75e6be75e7d030e61f58030e1a7b59f98e49f98dd2eebea1d22d040495

SHA512
4cec83c0e769d222e6410d2bbe5f2b794ca99bd1697e928036b52f7378ba340ed52a163b21514550240fb7b4f5f574e16a320470f185cac4ea034c610afe6ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7A12.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7A15.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\??\pipe\crashpad_2592_LNBYJLKLIUZXSGZL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1936-6-0x000000013F3E0000-0x000000013FDAD000-memory.dmp

Filesize
9.8MB

Download
memory/1936-57-0x000000013F3E0000-0x000000013FDAD000-memory.dmp

Filesize
9.8MB

Download
memory/1936-2-0x0000000077940000-0x0000000077942000-memory.dmp

Filesize
8KB

Download
memory/1936-8-0x000000013F478000-0x000000013F815000-memory.dmp

Filesize
3.6MB

Download
memory/1936-0-0x0000000077940000-0x0000000077942000-memory.dmp

Filesize
8KB

Download
memory/1936-4-0x0000000077940000-0x0000000077942000-memory.dmp

Filesize
8KB

Download