2edfd48c7fc7f707fe235d05551b61a882296b5b9097e79823219bc0cde8f90a

Analysis

max time kernel
56s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

release.exe
Size

5.9MB
MD5

6d46969ab9ba73f9c14cb57c8911f492
SHA1

f65f0a1aa15eaec933b320fd0f6bdc59535f6d28
SHA256

2edfd48c7fc7f707fe235d05551b61a882296b5b9097e79823219bc0cde8f90a
SHA512

f93a65d80ca72813e0381e4c014e7f1ac913e1cdff652ce0fa1511cf24c87e33d2011ff6b05fe3f65341355c7c20704196bd4510f5357bf40a079dc1abf8ea82
SSDEEP

98304:WrOVmoDUN43WlaEjjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aBn4:WrOVumWzOjmFwDRxtYSHdK34kdai7bNp

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

release.exe

pid process

2580 release.exe

pid	process
2580	release.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI13082\python310.dll	upx
behavioral1/memory/2580-23-0x000007FEF5890000-0x000007FEF5CF6000-memory.dmp	upx

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2616 chrome.exe
2616 chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe
Token: SeShutdownPrivilege	2616	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

release.exechrome.exe

description	pid	process	target process
PID 1308 wrote to memory of 2580	1308	release.exe	release.exe
PID 1308 wrote to memory of 2580	1308	release.exe	release.exe
PID 1308 wrote to memory of 2580	1308	release.exe	release.exe
PID 2616 wrote to memory of 2888	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2888	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2888	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 2360	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1252	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1252	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1252	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe
PID 2616 wrote to memory of 1388	2616	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\release.exe
"C:\Users\Admin\AppData\Local\Temp\release.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Users\Admin\AppData\Local\Temp\release.exe
  "C:\Users\Admin\AppData\Local\Temp\release.exe"
  2⤵
  - Loads dropped DLL
  PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6659758,0x7fef6659768,0x7fef6659778
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2124 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2132 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3140 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3356 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3868 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3460 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3436 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3932 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3840 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2012 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=764 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=580 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3384 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2520 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2656 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4284 --field-trial-handle=1192,i,3947780019514470945,1513527845673014102,131072 /prefetch:1
  2⤵
  PID:476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d0a944f8b1716862500152c2108a147

SHA1
fe22d95d022099fca15582f065a109f3c2367150

SHA256
79be42777e24bdcdde8db984272bc504d1842b3ef55a97991b5bf0214e0f14a7

SHA512
2a5eb82aaa101299d3064c1a2288a23a3afc56de2c89dec04fcf29525ad1b04ca7ab0b6971333a65b319b64b8bee915aee2c3112b04fdba4d520b4f5db14e5de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
776fe2004e83f3a09de55f16fe82e8cc

SHA1
94023287484244482dc3a8a8d4a8fd906647ed8d

SHA256
f9125d375c8b7bdd1b6752b059511f309601984488b3c458b13be6cde6e6eeb6

SHA512
9716215e888b2b273f44d1db761b1705f714c6fb67664160123e2594861f8b2edb883c47661740e34c867227e4511d1d665792d3b6f6d2ff4dd2d5d0180035ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69b31887dce720b5caf54b04ad7449be

SHA1
de9639791740099ddd5b62a8d950bda17d86964e

SHA256
6acfd3e31d8afb24afe811839568d38088ccb9eb658b1e22f1f01b457ffd78a2

SHA512
6f00001f8dc65cf27496b2909e2fce34c9a15c0e0cbb2efcb9b7b28f768f826f0dc95270b1ca95ba5ba2cb70ec7a2f44305da4e69154a30583dbfa5717d54817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b138cb314f567305627d00b0896649ae

SHA1
4bcd227a7fc63e44f2e327e2431b27b7e84f769c

SHA256
180aa7afb942a33638c6d1d86cd732f3b52687445da34e83d4e6617d1db2ab06

SHA512
49ae2bf57d7f13318cc215b3357e0bed1431a0fa488e6a5e9085f99bc2e4a3a54b6b0d70e71b0864093a0255b0f3657d0f43d0f84741b4999754667ca7f95e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e7721833d90b7c95a90fe00e76c8793

SHA1
d5b80f8c8f8cd40a4a4734b11619c659ae1aaad4

SHA256
802df2c691d9dac6f31a62531971a6bdcea241d485a65231cae8958ed39cdd3b

SHA512
8619334c21c8b43498caf60cb21a3df0ff00bbfc274e1bdc900792e11eef3fb4fda7104cde88cc7bbd609cc56314b3c1aadc6ce95d34a893efea60be03b56916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb69b33804124b44adacccdb95aa53bc

SHA1
d243708986915b4414673615bda2ccaec52d6951

SHA256
d0fa0a7db04827e4883915eeb4506cd2763d09f419512ee835c16bfcb2b231d0

SHA512
c76aa2802153433d055540ec21fbf74dad52312dbe774562b21649d5f874182e03d4409602369f3ec45c9b508f530c75776bad70b9a8fee49113bb0182a332ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c89c1c256352a1aa08e24ac8dbc7f709

SHA1
75e74c8c1efe54b780aee5829e18e25a02144d6c

SHA256
1f95f826ce908394e2c58a1866f63d62d27c6e1e5e43371e3f9fe9c393e6367d

SHA512
a3646c6633f90a61d2033f24682a8d99e15c6dca793fee7d08c89a738da863dcd8ba984fc7b898c7865f42a1e549491f01c98082a82dc07177082a21f97d8079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f1377d0061e4158d9641f8e55d07205

SHA1
581fa8c0ea6b58cafd20abcd7e908a46b3515703

SHA256
828b2af37c425af59a02fb55170bffc7ef906bdc155248e8a9636e7968a36999

SHA512
4631e9d6f1652ac04216c5a64a93ef4bca166d0c943c49d565e38ae4da83bdfb9e1f2a62f408e652374789ea1c9b9a552e1e88f5dff342d5de2d3995f8cdb755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf77fe7b.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
874fecdafe28a99b99c0c2dea4e30ad1

SHA1
72f3a43d50d063b1b096540cade39c2803ba0974

SHA256
1e733da8039a10c961f67da96bcdd7a9585419b14f05b0b739bbe02b8a385678

SHA512
8539fd13a0896ca46c5ac53c84e57ea80b45d929aa763fd8200c65a78637ad7141dc880fa5511759d27a13af04f524e6f6f49a70df75ba3d1073e6603db86ac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1006B

MD5
637c6c65de9573585c2623ec6a006e0f

SHA1
b9fac01cb7d7c6c417331dd7171835722c77a3d5

SHA256
e7e21951297dab7fb7576b00afd971c43ffcd1574c361c4a27716c7deb857dd9

SHA512
4a23d3c1f351c12352b426ba5ad099133a2a0192354357b5f791def1e82138c2ff3d36ddf3feafeb7d8a16304bb7a601b0330ffb4416b0888b81bdeff2d449bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
489dcd11951f96330323490f2a05d239

SHA1
baa9c17d4673c581913cd285bccff2684a71a95a

SHA256
2904ce20a21a8f5d09bdd612161ca375b0d2ba5be7394b7b0621387b8d71a1c3

SHA512
149f534a1a49ec30c171a2a02b201bfd9d5a35a2514f7750ce1e6c703f9b27c7888fc06b06fe9346de4b084293e69083a7a6fee3b269df71cefdc6e42d18b8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3dc0b7d9a1329ffd18a0fe8419595ce6

SHA1
1f119b625ba71661e29277d657dbac13d3a80727

SHA256
74cb5df92ec8c8e0fa67e9cf092084ef007b23e919b7b2305ca8b9d33accc65b

SHA512
7470f22e67ab6c45ec13c92fe7147dd5a16fb39cc43c03342974e2b5da6ea8a018ee6597e65f9c4cf7cbc025d42d4feaec9e531fa8d94a32c8eeb9c8b482cfeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c02051bc6f65d01311b711035b513985

SHA1
a2ac8dfdcf44b3b175a4758b5541edcb1c4f19dc

SHA256
a23a1b9b4a72c80d51afbdd0ced8cf1bd5256c16d15c12595369e8aff6b20dfc

SHA512
0b8c15e9abbb09472fff129bdfea0bbafa8e53898f9d3e4f58849a03d037beba0fe4b5169b3e4fea1eeb56abf3e2c3f5002d6cd9cab04429bee5914b2c2c9d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
423f548751631b6cf581372f1c6b4dbd

SHA1
b0964c36e4e626ab866348c63064acf2c1b2d180

SHA256
efe9a86e6b79d58aa388506bea6814adfcd6eebf2ab6e6d20190e6ff6cad8ebb

SHA512
a781c459ab02469c7335e05023a1402d9e3366be67c7c6f9c6c4b7e2d648ce2f607dce0ebc542f0d1001e0b49b8c4f91af90afebaac2e71e46bbd3ea6ecb1609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9e26d1b6931dadcf52c115c1d822dfcf

SHA1
354f3290c904403700696895f02a3c8381efb2f8

SHA256
034260d9d37e803dced5fcea926230f703348ba0e84f1c6f7203a9ac5b897a3f

SHA512
a9897368c7a97c17ae5ec9e771484371069af2d81cf1eb0ad7c0b5c4ec34a46aa7cbb1fe9f93503d1b9cbc0585e99cd27971ed8668e01baa71bfa8e4dfc69003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
89eae86aadde0646dbd3c97247bfe1ab

SHA1
211caf9dd402074a6a993f7e545c2c5e6c444b93

SHA256
728a7219f7b6dba1534548f54fcce2452b432a4c29d9fc86cb049772118a972f

SHA512
81eea390da8b3a45d1a631c8cd06721db6b9428390d8ff0cfe7a61c2615781db6e2c201ed2074fcda0c8c7af29bae2c2ca2f7b21902d8e372eb16c803c05bc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0e2f959-22e5-486f-8a65-6bbeb067fc31.tmp

Filesize
6KB

MD5
0709c4ea275bf56c097c35c10c6a5084

SHA1
10204913bd1d7b173ffbb5f9cfecfd6eb3a76687

SHA256
71dea846a87103a9060e0f382c9b6f083cbce14fbda60c4326538c0b10d22771

SHA512
af1fe83a276943e6b8e5ee3907d55626ded6dbe172c4538326c1b2441277df4e67cbc333b4de6e13c5b2dd258f18631dd2a71dad4b71b1be68efe06f143a16ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
43b0d2f18bec37a3f914f363260dc5a9

SHA1
2eac22316f1d15d1dd0ef89b2fc58f554ca8faf4

SHA256
686a537ead5744cf47c7fa2b9c49b5d6d6067af2f3c2dfff4dfed4548b95a0ec

SHA512
2fd9c93a2244fc7ee0728ae95de14b0af4c58235709b45b04020f446d13b6201f440c2a5a0671bb262292ac8a50bb962a0320378d892bc6b59bd3ac0c11aadc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1ECE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13082\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
\??\pipe\crashpad_2616_CWSFYDROSWHUSOBG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2580-23-0x000007FEF5890000-0x000007FEF5CF6000-memory.dmp

Filesize
4.4MB

Download