6d2b8149d811e033d77c90f70c2ded92d99c6081582c8e346a48f0ca6adf4599

Resubmissions

26/05/2024, 23:57

240526-3ztz7shg57 8

26/05/2024, 23:53

240526-3xnqeahf65 6

Analysis

max time kernel
53s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Video-844.mp4
Size

2.1MB
MD5

af90a3e03047712513100b62e7ee6102
SHA1

bed20166db46d35af02727a377ee95159277769f
SHA256

6d2b8149d811e033d77c90f70c2ded92d99c6081582c8e346a48f0ca6adf4599
SHA512

512414e07da99680b8323af261a3242d82f364006e64bf548447e0982733411ea1920e9ae80e927cf50a8669fe9a5f83cceb07f2928314590fbe0f00ffc89953
SSDEEP

49152:Lz+Sm9uw1ZUoXmaixx5lrBDeCblfXUdjGQarXsoiYLxDtDQEmJ:G+UrXmxzlrBaOtXUKrXsKjMT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2824	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2328	chrome.exe
2328	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2824	vlc.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: 33	2824	vlc.exe
Token: SeIncBasePriorityPrivilege	2824	vlc.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2824	vlc.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2824	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2824	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 380	2328	chrome.exe	29
PID 2328 wrote to memory of 380	2328	chrome.exe	29
PID 2328 wrote to memory of 380	2328	chrome.exe	29
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 1028	2328	chrome.exe	31
PID 2328 wrote to memory of 324	2328	chrome.exe	32
PID 2328 wrote to memory of 324	2328	chrome.exe	32
PID 2328 wrote to memory of 324	2328	chrome.exe	32
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33
PID 2328 wrote to memory of 488	2328	chrome.exe	33

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Video-844.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef1699758,0x7fef1699768,0x7fef1699778
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:2
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3212 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3748 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2616 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2804 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2512 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3248 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3656 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4012 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2580 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3884 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3888 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=1276,i,13224643581845829217,18268931949998177204,131072 /prefetch:8
  2⤵
  PID:3028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa30e62f831488fdf866d2bd73b8116c

SHA1
b5e6b17debb3d8bf29d2e73a580169da34f2c66f

SHA256
087ff694769b339faa708e709e7efb7859ca838fe57b9fa31083005ba04d9d95

SHA512
b5faf19c9867dca546207841c664530985a373468042f54bc095b70919b78b515e0a420f2719e72fa7f4e941107f7d8d7ccd8ca96fb37ebe5f6416c8f0290f44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
485171e7acc6a041989918f1058ead22

SHA1
e54e32d2f49c801461468453329879f3d55b447c

SHA256
140ebb30bc0e4c0b9d9ad41df65ab28af0a1b7b04d6d902e830cd45ebb855794

SHA512
e4cc59c60db832664131ce37f72f0475cb25e7066d0b1e84bc6bb195ce8ecb269d843e26261607e97c3f6f18f1e92da7529b9edc262442e46878f14db4599e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ff007c63925ee0269f7fb7c961ce26e

SHA1
800e241de1e51f1eb822c25fa80e40669da22bb6

SHA256
bb3d5efef73ea4c10b1a24b1d2f307a18c68f42ca49fa1e38f065f682b376540

SHA512
04bc723ad59f8b2accebb0e9162173300d51d49d4fce5abf60addc573ebb13fb9cb873aae2c64315a026210f3242122615504b83e41fede0c299eb8155b7d32f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
495a0fad68035d03e28c3957ca53b09e

SHA1
609a9285fc33546dd63610151105dcc7d8401739

SHA256
ce9ca5a744de3d6efcefac881d39dd1b7edb9bb2c8946b2822c519d1da63c0f4

SHA512
80b876abd27461b96b2514e2bb18c559b8aca67aefca71a55006c7bbd4ec1cbf1907c7efabfef58618c1d59ceedf216edf6ddbefbf899f15861e18301a6aaee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f6f86b4d63b3b5a6f8e2e65125ac553

SHA1
4f01915ee58539f9946bbb952fb000e320242ca2

SHA256
1d7f5b3c5161b4785efc4e6e09b8e1440ca7c738d9c88e6774eb0ec90a188335

SHA512
fd205dd558eee0a48c18d43746834d51c108fafa948d7f3987d962c9593401f34a374cd1e15ecc4c890735acc8f51ae725429355cbfc8e1eb0ff1ae9098b5eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85c7f30b20ecc8e0fc8572e7ac0ed167

SHA1
4653332b703f892da3dec85f54f5d484071823ad

SHA256
a1f297d816e13f169e883f4fcc54313a74d40b7a58dcbc62eadc935daab68f44

SHA512
150f6dc6f9d7c81b0e0272e2426813ee34fb751a20215246e449ab8bb8666748fadafa1a762628e3817a4703c875940e3691dee118294eeb7618b6bde0b1aac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03accbea71ae75b560a73fbfa8148a98

SHA1
5c6717fb174d3fe64ccb602423f3a3563b45055a

SHA256
11539c621a1406ac7c9cbe379e1ae77381d5bf92f08ba5cbfaa51bd884503849

SHA512
0319d7cec5f828e44e9df6b2c87d054a59916abefece21670beaf0ca161fa914d82c17e7f884183254b9b7376002931816b39e8ad442a7b539cc7d3560f49530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04d83506aa00d81d1704343029da5e40

SHA1
1fb5a808fd7d2559f8a41d823b0c5b115af384a2

SHA256
1a85709b94e44deb675e5a83640379824b26b977c72fceb80d180e24694fddec

SHA512
06a59662161ad892d5905aac6cc3f893b49a5067eb5e6e8096c1d82cc7b7dcd712f50747392c1536c128553745a3a32569b6e347b1dce28eb69fc8f13e2cf1b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
420a13152aed93d6de1fd7cd3c695def

SHA1
3168a30c4bc357d803bd3dd1fe8d6165a83ee195

SHA256
fb34acab91bdcb09118e0df6295e296576ada95e0f03277315d8f8e866a00aa9

SHA512
04913501d68669ae91d8056635564de910dae0ec72e61eb5568389eb2f00522cd79fd6e3268d1da22f8f3a87d3da4b4c0c5538717bafc6f712eeafe8730944be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76ac17.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
0af4f5b3252d5593aced7eef0394d56f

SHA1
7220d4c303e33babb3993c43f4dc137a8907934b

SHA256
a8b8c845246eab951a4966f1485c1698fd3aba27246eb3687dd06c57b8713210

SHA512
85290f316b714269040cbeb5c9a6acd63b9cf8f6ca0905fe8be721c889ac3c5a47634a78e792691f2c8cd232d8cc69f7ca7b4f8719fcb9fede2785c823640502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f251ee87ca40d84a2deac7cfb9900b3f

SHA1
945ff947e9010aff68b922a93a651b1abb362841

SHA256
804ff28b45e7af1165d31e09a80d48a7025b9b7b72de555585e9e5891763b041

SHA512
ab45745ae99b35ec72b67a357f90b9607f8742e79e237d76c7d2727ecf526a907d26a38cf4666630f3a0934b75bcd27235bc6920840d2d317e8da4c8edfabb4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a538bf95ae2e4e174e915ff5c510bbd

SHA1
74fc8beb4f02d9d785478b51424c9a922f38613e

SHA256
2a05e05c4028958ebbac11dda11501d3a6d4cf6d56b34aed3f3949b722a0785b

SHA512
4e2521352a8b3642553c8a4b67b9f2236ce77e1c67a3c16de8794abd45b59cd468a654b62a46141cf6b6d9b2c40a49da8c4548f9b0e50eb6bbbebdcfeadfe163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0f86f4e72615ed1ab2c8b5069c789302

SHA1
2e3d0389d16ad195b801c2d605a347c42070488d

SHA256
05c63fa5e8bef491935cbdbfb5894fe537e2ba3ce45022421cda7b4141d90fdc

SHA512
dd00d63321c229f11ea5088fbe6ae19a9ae66c1f27c46fe24171cd3b86a5d9c9b5962425100db9b42683720aaa3cf93f053a7a10bcc05c4b1792e2a32a93a242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e716b4f5-bd02-40c3-94da-eb5680be9654.tmp

Filesize
7KB

MD5
8817dc8a688ca0139dac057f00f954ee

SHA1
b249b0bc03f4e7406e791a671355b84ce892edff

SHA256
018799a0c54cd396ff2a7adfa24eff4eee623a3c9c31f2fd282c0a5b0cd127ad

SHA512
e32a21980ccac31370652d32452026cd7ec70cd29d27ddd373e8c777c44cbb7893105cfbb2e6fdf5e04a548910e4cc649b26d6546741e774f0c1274e1df4b7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAC5D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/2824-35-0x000007FEF44D0000-0x000007FEF4512000-memory.dmp

Filesize
264KB

Download
memory/2824-53-0x000007FEF1D50000-0x000007FEF1D61000-memory.dmp

Filesize
68KB

Download
memory/2824-32-0x000007FEF46B0000-0x000007FEF46C7000-memory.dmp

Filesize
92KB

Download
memory/2824-31-0x000007FEF46D0000-0x000007FEF4848000-memory.dmp

Filesize
1.5MB

Download
memory/2824-27-0x000007FEF4940000-0x000007FEF49A7000-memory.dmp

Filesize
412KB

Download
memory/2824-37-0x000007FEF4310000-0x000007FEF447B000-memory.dmp

Filesize
1.4MB

Download
memory/2824-25-0x000007FEF49E0000-0x000007FEF49F8000-memory.dmp

Filesize
96KB

Download
memory/2824-38-0x000007FEF42B0000-0x000007FEF4307000-memory.dmp

Filesize
348KB

Download
memory/2824-24-0x000007FEF4A00000-0x000007FEF4A11000-memory.dmp

Filesize
68KB

Download
memory/2824-23-0x000007FEF4A20000-0x000007FEF4A3B000-memory.dmp

Filesize
108KB

Download
memory/2824-21-0x000007FEF6350000-0x000007FEF6361000-memory.dmp

Filesize
68KB

Download
memory/2824-20-0x000007FEF6370000-0x000007FEF6381000-memory.dmp

Filesize
68KB

Download
memory/2824-39-0x000007FEF4060000-0x000007FEF42AB000-memory.dmp

Filesize
2.3MB

Download
memory/2824-44-0x000007FEF2840000-0x000007FEF2856000-memory.dmp

Filesize
88KB

Download
memory/2824-43-0x000007FEF2860000-0x000007FEF2871000-memory.dmp

Filesize
68KB

Download
memory/2824-42-0x000007FEF2880000-0x000007FEF28AF000-memory.dmp

Filesize
188KB

Download
memory/2824-41-0x000007FEFA5A0000-0x000007FEFA5B0000-memory.dmp

Filesize
64KB

Download
memory/2824-45-0x000007FEF2770000-0x000007FEF2835000-memory.dmp

Filesize
788KB

Download
memory/2824-47-0x000007FEF2560000-0x000007FEF2575000-memory.dmp

Filesize
84KB

Download
memory/2824-55-0x000007FEF1CA0000-0x000007FEF1CE7000-memory.dmp

Filesize
284KB

Download
memory/2824-60-0x000007FEF16C0000-0x000007FEF16F4000-memory.dmp

Filesize
208KB

Download
memory/2824-40-0x000007FEF28B0000-0x000007FEF4060000-memory.dmp

Filesize
23.7MB

Download
memory/2824-59-0x000007FEF1700000-0x000007FEF1743000-memory.dmp

Filesize
268KB

Download
memory/2824-58-0x000007FEF1750000-0x000007FEF179E000-memory.dmp

Filesize
312KB

Download
memory/2824-57-0x000007FEF17C0000-0x000007FEF17D1000-memory.dmp

Filesize
68KB

Download
memory/2824-56-0x000007FEF1B90000-0x000007FEF1C11000-memory.dmp

Filesize
516KB

Download
memory/2824-54-0x000007FEF1CF0000-0x000007FEF1D4D000-memory.dmp

Filesize
372KB

Download
memory/2824-19-0x000007FEF4A60000-0x000007FEF5B0B000-memory.dmp

Filesize
16.7MB

Download
memory/2824-52-0x000007FEF2190000-0x000007FEF21A1000-memory.dmp

Filesize
68KB

Download
memory/2824-51-0x000007FEF22D0000-0x000007FEF22E3000-memory.dmp

Filesize
76KB

Download
memory/2824-50-0x000007FEF22F0000-0x000007FEF2313000-memory.dmp

Filesize
140KB

Download
memory/2824-49-0x000007FEF2320000-0x000007FEF2335000-memory.dmp

Filesize
84KB

Download
memory/2824-48-0x000007FEF2340000-0x000007FEF255D000-memory.dmp

Filesize
2.1MB

Download
memory/2824-46-0x000007FEF26F0000-0x000007FEF2765000-memory.dmp

Filesize
468KB

Download
memory/2824-34-0x000007FEF4520000-0x000007FEF4532000-memory.dmp

Filesize
72KB

Download
memory/2824-33-0x000007FEF4540000-0x000007FEF46B0000-memory.dmp

Filesize
1.4MB

Download
memory/2824-36-0x000007FEF4480000-0x000007FEF44CC000-memory.dmp

Filesize
304KB

Download
memory/2824-5-0x000000013F320000-0x000000013F418000-memory.dmp

Filesize
992KB

Download
memory/2824-28-0x000007FEF48D0000-0x000007FEF493F000-memory.dmp

Filesize
444KB

Download
memory/2824-29-0x000007FEF48B0000-0x000007FEF48C1000-memory.dmp

Filesize
68KB

Download
memory/2824-30-0x000007FEF4850000-0x000007FEF48A6000-memory.dmp

Filesize
344KB

Download
memory/2824-26-0x000007FEF49B0000-0x000007FEF49E0000-memory.dmp

Filesize
192KB

Download
memory/2824-22-0x000007FEF4A40000-0x000007FEF4A51000-memory.dmp

Filesize
68KB

Download
memory/2824-18-0x000007FEF6390000-0x000007FEF63A8000-memory.dmp

Filesize
96KB

Download
memory/2824-17-0x000007FEF63B0000-0x000007FEF63D1000-memory.dmp

Filesize
132KB

Download
memory/2824-14-0x000007FEF5B10000-0x000007FEF5D10000-memory.dmp

Filesize
2.0MB

Download
memory/2824-16-0x000007FEF63E0000-0x000007FEF641F000-memory.dmp

Filesize
252KB

Download
memory/2824-15-0x000007FEF6420000-0x000007FEF6431000-memory.dmp

Filesize
68KB

Download
memory/2824-8-0x000007FEFB3C0000-0x000007FEFB3D8000-memory.dmp

Filesize
96KB

Download
memory/2824-9-0x000007FEFA5B0000-0x000007FEFA5C7000-memory.dmp

Filesize
92KB

Download
memory/2824-10-0x000007FEF7D80000-0x000007FEF7D91000-memory.dmp

Filesize
68KB

Download
memory/2824-12-0x000007FEF6F80000-0x000007FEF6F91000-memory.dmp

Filesize
68KB

Download
memory/2824-7-0x000007FEF5D10000-0x000007FEF5FC4000-memory.dmp

Filesize
2.7MB

Download
memory/2824-13-0x000007FEF6F60000-0x000007FEF6F7D000-memory.dmp

Filesize
116KB

Download
memory/2824-11-0x000007FEF6FA0000-0x000007FEF6FB7000-memory.dmp

Filesize
92KB

Download
memory/2824-6-0x000007FEF7DA0000-0x000007FEF7DD4000-memory.dmp

Filesize
208KB

Download