eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2

Analysis

max time kernel
45s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MrsMajor 3.0.7z
Size

234KB
MD5

fedb45ddbd72fc70a81c789763038d81
SHA1

f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256

eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512

813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
SSDEEP

6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2564 chrome.exe
2564 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	2984	7zFM.exe
Token: 35	2984	7zFM.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

7zFM.exechrome.exe

pid	process
2984	7zFM.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 2040 wrote to memory of 2984	2040	cmd.exe	7zFM.exe
PID 2040 wrote to memory of 2984	2040	cmd.exe	7zFM.exe
PID 2040 wrote to memory of 2984	2040	cmd.exe	7zFM.exe
PID 2564 wrote to memory of 2068	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2068	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2068	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 2896	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1700	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1700	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1700	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe
PID 2564 wrote to memory of 1808	2564	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c39758,0x7fef6c39768,0x7fef6c39778
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:2
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1508 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=992 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:2
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3172 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3636 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2644 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3532 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2280 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3804 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2620 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2500 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:1
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3812 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1212,i,9795850620110168352,13747394189838446953,131072 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
149735b98def5311268c9af28bf01fce

SHA1
1d969b65b8c34bd50febbbe0f497182a76bfac8c

SHA256
402b0a4d9c37b6c281751551950e6e10087d1b46aaf88da991fda273d60e6548

SHA512
eb21223bbcf9b2d71665893046ac2864fe8db51b4420cf65518d049c319868a3edcdb7b7656f0f6a23db56155e634cf0a52b4ae702e06c287e5d9b4c6a77f269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54643ca115aa8945f3f949a4c58f5054

SHA1
5cbc4df43e463b9f3bb15a7e3740e5c9ba74376e

SHA256
348b83b999a835a5a3258b5483a4c6c0b63ca419affbe7a179de63ed2385dfee

SHA512
0b4d7af33370ad7f5a094fd0afb79c0328d71913fc7062d970e2d7c0733dc892db023dd9aa58259d87226ea87ee24e1617b246dd90e8a2b66bb81ec7d5c494a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
310ab9307320feddc69737f2d8c3a1af

SHA1
e4fa6777642e65ae6b1e70f2549fe0680a54ca72

SHA256
fca73c025bb93c9c0bde21089313a45ec13eb4a7c01cc595b640cb496488ab69

SHA512
7c0957a6f9a80b72ab97c5cecaea3438d155d3f43370726fa8bf312a2c2d9d480fb97ba45787a29c3c6e81cb18569bc5769ef7e6ecd721d58d2a29202027132d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d65f7b73793faf4495b0e1c47e577b5

SHA1
05569d0e9caff2c6ba5e70de74807ef22f09d1dd

SHA256
7b61dc870bd8ecb05df769f5a081acfbf70bc3f605b1a7f86a20f1428331db1f

SHA512
aa28d0dd4e9000985c908e6e0e206a5357d39596ffd7cfbb035d1a946a85d0f9172c7442f071429b169102227e33681cc4ec916699c901bfd1dbe51c384dbbc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
8ec99e63b957a97e7d210a1c6c35b7d0

SHA1
116238837be9a91ed28fc51ee64dcd52a66688fb

SHA256
eb175a91958f927e2e3243a43dcd6bf74eebf525ab5a3ec41cf41e1cee9cfd4d

SHA512
2073a54b681312fb5ac55a41afb4845d847fb7bc8aa00e8bfd8fa1b640b8578111267a966dbf2339e0b2b23452cca3973ddbc9475ddab9a24e4369462d462c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf765e46.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6339fd088e751e204c9eb0fd0f07bcec

SHA1
664ddec76e6ede0e39c9a6613614fe0af94484d0

SHA256
d2002a5bb6a2313ffceb177fbeb5cec5d60f318345ff886d0ce97c23ef1f511d

SHA512
59b97938b0c170b03038c74457cf78308cedbc6e393ac570dc844bb34cd8b5e352cd30e4dbb7164c72615dc089c8b28d02d6d7a1b23a5e42702b42f32c3e22d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
2dbe63d144dffaa65a117def271f19dd

SHA1
be0c38209c0149f9d1106b99edb2462001e129fd

SHA256
30d9ecc9250b2990aaa03c10e3dfebb0f8a1cb148d7cd43757ff4095caf2d43b

SHA512
ea84b8a026de944351a885cb1efdc709a18514a6a543e4301b17efac55dd3f2c2afa1f7a4fd128ed7710cc5260c850f0af8bd586cc86613cee7ba047a5c49eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
955f38d973edbcddc887bec1ce6d059e

SHA1
79b1c168b1fe854867f28a6ee1d4199238f4c037

SHA256
0f1503574982a77bfe52f8f2e32ba2dd9519cf538964dcf3409b11fba6c70703

SHA512
17911ef4c763d61d19ee0e54ab1d528a623d47b5495b634158e6c24d610ea4ecff695b7669f2c5d09d9faca661a1c6e766166a09738afc9fe5b2318ef7748a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
13779553f3a6ba598379e7f1c3f2e98a

SHA1
dda385f6432445cdb1a1b54272fff855561385be

SHA256
148c1b3456e05949f1c7b64ad525afdb8b86afbdbf72201a3ea6c34ddad4fe5a

SHA512
b49714ec8dc51149f08a7a035ea053a465ff22b0ff67514139d7357d2b0709f4c13c5c4572af72c0966f572e7347a20e896d9c1df5841142698eb272e4ba8eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b73a52b92ecbda5835dbeb257810824

SHA1
3e104a8ec821ee916f7b8ca13664e89d827c4903

SHA256
48aaa5a09a0ea75968ee865258c20b37b2298f471cedd349bedaa1ad0ba855b7

SHA512
247a0b2471d628ec4a2350de94efe003dcbd0e43411487f99969dcd4c73b3ed3bf95d3889e357875370425398988c8c6bb55386cae70367d6bed16864309162c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
34714f1d8453e7d7a372459f7f73eb82

SHA1
cf56fce6c510922fa03dfa13848ccdb198fa03cd

SHA256
0e982d18c8dc4fdf5f068a46bb3b5ca40acaf024a5ecbe3472fca54b729933d3

SHA512
e8fec27ff4fe8c6ccb2477ba005accbba1aaad7e2b57de6236bd24cf9d2df315ecfd43702f2f3b3ae842a56e831e45c854e6b66217d2fc033095ea17a4e47ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e445e463-f4f6-48c1-9a10-529c4748273b.tmp

Filesize
6KB

MD5
731a458b2e0afcd452c19e3decd6d003

SHA1
926d77fc2032c753a550ad1b865b514bfacdad51

SHA256
9de71ec8f05db9fa8c2b8b77dcf68b6560da6eaa402cf4f41841154049de2e36

SHA512
feb9dbf22573280c3b7d1c3b88b0107b3a1caa25df8ed02dfb64db723b3247ee5acb8861f06d9b422ba4610cd19c53fd64f131577815a4da3901635a24fc9e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6197.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\??\pipe\crashpad_2564_SRPWDOXLAASZAVQX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit