69811fd3a031d56a72428c7f3f74573b551c2dc9b5fb827fe6740a03eae55f31

Resubmissions

01-06-2024 17:26

240601-v1b7saad53 10

01-06-2024 17:08

01-06-2024 16:56

01-06-2024 16:43

01-06-2024 15:54

Analysis

max time kernel
401s
max time network
813s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Trojan;MSIL.FormBook.AFO!MTB.zip
Size

196KB
MD5

7b62401dd82be69f3f95f7883fc7e0d9
SHA1

6adab9ef01fec2977a9c6cb3f6ff60b01fed124f
SHA256

69811fd3a031d56a72428c7f3f74573b551c2dc9b5fb827fe6740a03eae55f31
SHA512

faf526a594d2dec297072f66cb5db65b32f2313ffa5f2e25f66a85e40f51b1effcf1f40e02b2e62382275414c6acd3212b30d78855c3ce70f4bd54949840df15
SSDEEP

6144:jHgkWXiqhrYVZCmZLZ5r8n2ys/xdbFqm2WJ:yX1hUbLZJ88PbMm2M

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
205	drive.google.com
31	drive.google.com
32	drive.google.com
33	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2472	2080	chrome.exe	31
PID 2080 wrote to memory of 2472	2080	chrome.exe	31
PID 2080 wrote to memory of 2472	2080	chrome.exe	31
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 2312	2080	chrome.exe	33
PID 2080 wrote to memory of 1088	2080	chrome.exe	34
PID 2080 wrote to memory of 1088	2080	chrome.exe	34
PID 2080 wrote to memory of 1088	2080	chrome.exe	34
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35
PID 2080 wrote to memory of 1360	2080	chrome.exe	35

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip
1⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71a9758,0x7fef71a9768,0x7fef71a9778
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1528 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1392 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3260 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3240 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3732 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3512 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3700 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3048 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4000 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2436 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4088 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=284 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2892 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1932 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1628 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3516 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=580 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3256 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 --field-trial-handle=1184,i,17248608170021789069,14052061496782261404,131072 /prefetch:8
  2⤵
  PID:760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2176

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2792

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Options_RunDLL 7
1⤵
PID:1940

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
PID:1708

C:\Users\Admin\Desktop\New Text Document.exe
"C:\Users\Admin\Desktop\New Text Document.exe"
1⤵
PID:2520

C:\Users\Admin\Desktop\New Text Document.exe
"C:\Users\Admin\Desktop\New Text Document.exe"
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
33KB

MD5
51b556e0bf11ef6d4293d95aa5cbf07b

SHA1
b36ac7629a8a1cb66ec7ab99fa76dd1cdcf8fadb

SHA256
d2137fd6c9ade4aff7e4d66de7eb9a2d461fbfb08e533b6937554e7e55238cbd

SHA512
6cc66788ef1e91ab90d02fefdd0a690857a69eb3179b3dfffcdd4f0d9eca00c87d6a32b23f07a783bf4274e9f415ebcd51d9d7ccc5d62f608f2375bd79b3114f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
35KB

MD5
11c7e21c816964ed9108f49145eabd44

SHA1
22526a9972c47dbd58b02d57524bf5c128058fd5

SHA256
81e2b28b59c529651f6e2de0be6103b41e46cffd5dada0842e288fa5e8bda2fe

SHA512
ae8ab8ef805e0ae08dc27cc9671fef063b8206f2e5329d21896599199e3a1b171b29ca10efa4781ee95ca666c8024e50dc0a2a08ad873593a98b2026af4c623f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e2057fe531acb0645ec83f59b5b78826

SHA1
2853c6e8eb1cb71b31c0930f41bfa782cf1069ed

SHA256
2b1229f3057f80a80ce94ca76ef76c89959b820350c83afd72473f686498f144

SHA512
cead5778e7f2237e5c592fe5e34eeb8fdfcf45e9299effc783d6ee1d41b638a5f19e14a1c6d08793ea69aa755347dcd59481b2f77c559b330ccb80bada3b734f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d653a344a5149a2dbfe031a8e8336c7f

SHA1
f40a75d47ec247eab9b3c3d16ff07ccea4621152

SHA256
354653214a0ee0fbd304d1f1a68224ccc241c1de99e6c77444fc4cbd76c4dc49

SHA512
e1acfc28a05b0f9d82cfcf70d4aa7af73b55c6cc1be4bf7611c8d81f47688759a94e575e6d69c652c8623f2285a53c2583f4f1e10c887abebf1d8d2f6bdcff49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\CURRENT~RFf7cf5e3.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\561ca784-86fb-4667-9838-eb78edafdfe4.tmp

Filesize
8KB

MD5
a1d3e353cdd34a100ac618e67066d8e8

SHA1
77460f5f6fd4854cfe5a2157007bf13dea712d1b

SHA256
c1740229dc3007c1cb7472002c3b74f978cdd8567fd87015c42b689c5088df6c

SHA512
0981ab2050ee9e07c5eae601d444c6e742c2225662afb7394ab79b879ceac26201230f4097cff8044b17da66d41b22690c1b32b1aa1f5b6f28893d166c7f401e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
80564321c2a31adb0138f7c23af6619f

SHA1
e2eee204c006cf4aa4eddaffaefb85a37ec345b0

SHA256
6ce7e4755982b51029bddbed15e552f4ef96f5c98f3662069bb39f372957adb7

SHA512
31536c6b79d0f820861fd97e3c6ca9b46423ae04c94d8bae74fa7443797ac0458cc046179836994c7df0015205e199ca9ead401b9984888aecf6be71d8d00bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
861fba032d4d31d3781dd166e8954721

SHA1
d4bd0baaf03c57b9d7b6fcca40179da8ee6980a0

SHA256
c76eb6d53f6d36d61851c219fd1ba72f602b23f309a4d211d563eb55b746a511

SHA512
0b9debb8f52cd6cbbb550fcb79b23a653625e545c79a67b55b126f44a2a94d259f637094da40c7636e1f30377d495de0073eaa2c2abbdd706005b92216a65468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2ff85ca078ba72c024ae221b552e4508

SHA1
17eff732873f8dcb49b3cf246d6ded61a0570e5f

SHA256
0209ca54a46a673612517dbbfa757982ecf0e927412d44637e2a2eea400a93fc

SHA512
76dd93a65d098e91cfbd3519dd494d31e31b99f218ab120960ba5b3d0306f66d09deb3c56b1bcaf2e007bee31b80f1c1eb8e6cb3a9a0a3d12cdbaf6bc778044f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1d724c8f5606b78636fed9b260170372

SHA1
582effafdaa03ac9c6be98916829c0600fa53ac3

SHA256
f978e3899b23036c2b5b6edffeaf481c4a33dc5d1f1adb33a70dc8d83c1c1345

SHA512
d578354b7050dcd35b40269696ac506173ddfd1b3a6240cd3e45e1c5e5f47b66d7d5601336a62e6a403e1627a8eddff2eb3c2a526b3ca7531bcfe4635c17930f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1003B

MD5
6674ef2d5db2a793796bce6c8db156c8

SHA1
420bc669cebfbd7bb0246e9d91a662ff9e8751a8

SHA256
16a8ef319bb1037e896c5c132a51b4e222b003d2a0fd062c1974757539f0a2e4

SHA512
2dd43066d9607b73ad6fa61cb7d15e6e4b3e2e42525c525fdbbf1a9c875b10258aeb43b737abeb70c60851abfeeee0522d44acb4ea5ba59ec7b93960d2793e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1009B

MD5
430dd641cae55bc156ff8180c2b27440

SHA1
86c121111eb562f18295e65baea4f582439172b2

SHA256
4d06a6898dd8bd5f4973bcf6ce3f3e4e1d8a9c6e90b86c7b6c3529ab862fc597

SHA512
18cd90288668b1fd6dc76b548d67adc9286cc2096bf7e5eebd0aba39051b2f3407362132bcacb9b2f84771252db7424437d67b4d271b7361240df04a223f89a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
2ea137202891aa12c12dd21ccc1d184a

SHA1
d0fbb7b5ad8e45b72782936b2c5d280b579de7f1

SHA256
85b753ce6f4562b12728da82a9a2c945444f1480629b51b7c15ab79980c65355

SHA512
9aa83018d6c6e0f5f7b6d738520e99011b9b00b9af5d3353376f95af090971ce7f41b27b22e5c4accc040d35f49d7afc8d67a09f366b1bd7a2cdc73c378a3b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8e4ac26e9df275c95a4f0a16da9844e1

SHA1
920704b637a35793df9ce72f428ad2b7e2fb206c

SHA256
5aa7b6f8a599a92bbc100f1e256611668adf285880646b958c4c3441fe91bab1

SHA512
95f232a670a3e7c4de891f705a0cd2550811a4c86c86353ad224aab85b2cb1e7e730c2b295eb41075d07de9c3504678965d9a7e62c306ab81ef788c9c462ad5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd0fb7fad34cb9981f69915254e50e50

SHA1
5f1e2cfcad741664a693148f46797d5cbc92b550

SHA256
f4c13e33f0a54432420364d184837cd428c5c0a687916004421dea61a82d98e8

SHA512
7808782e2f74a365e390cd0759ecfb1451614d24c06ff24c02a57ec0e6af44205150b5fabd0c24902f96fef38a24f1f9837eda58420cee3c0da7e6b8d0cbb2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1005B

MD5
f95fa08549a54a854366c174c953ecab

SHA1
ce38312a654c92003406f9299883546088ae96ae

SHA256
a10aaa8c4b57db2d267038392dda5f6f9934fadf358316ca41727befe9648175

SHA512
9fae4e8fc5b3e991fab12896b8fba724ff329ab37cd85859942d6601bf7f3b5377ecb106dcc1cdd4a8da656a98d94ade04bf4e2d02fcb93bc971141212451b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ce1e3662304033d80724f081d6d8385d

SHA1
ce5d10651a32a85099725af465e92e0da83e1a4b

SHA256
15088a5738b733076cf1b93ed777ea1aba837d530e47d9cf3f6c13388696cb9d

SHA512
cba3c89131766851b9eb3e80ff3cd2e21ae18508bf13611d6c3f822a4007f393be0c541f39db65226eb753a889cc9ce5ebaae93fd5feca760e9983c6cb587c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
28d2a6b048e90e24f69cf0d8a05cf72f

SHA1
8a9ae17e5688145fd3a3a9efdae7b435108fa0cf

SHA256
f6df994b8541f61214ad8c60b99b78a19c4f199501f245ba57ce233e6a23cc08

SHA512
50d3b9ee6a714ef566ba0b92a6b348c2c990c6d78c11977d9cbaa632d17afb477c80cdc314c6de65a75a5721bc0dc553d294295c77c8a9fc7f40a7393aae0920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2a0077af45441c7a6e98b060c21b64b2

SHA1
64a341106f4a99bedd549a343f2e0ca5e03ea59e

SHA256
96ea94a2c71fc9853fb22e9f3275f8cc5267e31cbbd14cda47681d61da3bba99

SHA512
4d01589f722e138be4f12287f86e0088a72164abcdb64adc7ae35b33e24d564b22b92b4887f506b487a706bbc56195e26bf6b5a82ee9e9863df68a36c39f1a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6972a0073a4453e9536478336f5dde41

SHA1
5dde7c0c2f4ab3c0bea84e9d1e9f7d6cb1715d1a

SHA256
23f71c4e0f57f345ceeea9d0d1b54e462aef183a5f4d1d50a5fdadddb6975dbd

SHA512
b3dc0c75f113aee094254c3188bda814dc3c08d7dddabf40e79ac822b1e18c0d1bce1bc41608dd88b7fb1ec170cd1add9b7c1360798e4f159923b599a29ea76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3575a585775f1b4ea7483f6a6f0d8cf4

SHA1
4f834b4c5693c10afa665c4ce4580b28478b5fc7

SHA256
ca2cb2e0b72a9d1b74fd341da95ed2c33eb22ad701cff91d018805c636d10187

SHA512
b4224e3c449c38d3a40faccce686c5792cce6da3606670e3af24d90620497ccd4b99658ef8df7953dd05a807f8ba4048e17a80bc1d67f7b5004dd9ed28ead348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae4ac224da5a4ebb7db057f1916c8d11

SHA1
db410c7a844f92641aee22b163a87508f20576eb

SHA256
01b315aa83db2243bf8a12f105368ece4797ff77cc68d171f82fe2d54f975046

SHA512
a162179222c506ae59086557f64030cd3f3e0a0a52967eb77d2a366eef50ad6e1d863efae0d95ecab14294e997842b61b4b66495971c4357089127dd3a9876a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
630ef2898f32a54da49799960620c706

SHA1
43ecf63f1b044b3782ac9175501614549781ee47

SHA256
6f7b07383f0628cb65cb5f7a2e2e2a4921f6c773b1ccb546deb9d0b87c0504d3

SHA512
3a559ba85f6ff1415298739bd549f659d672d59e729db056da3ed6a004a9a221e62d441866a21950367582a6e2322e049d86316735a84db0f643667c272c9cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
c7653ff3d377bd4b15d7068b4a2a30e8

SHA1
64e6863720d572d344d88ac7b57dbe3c128fa66b

SHA256
0aa932670301a443c6650d089115615e8ddbec119c0904b30b39d3f12a4c1ac4

SHA512
ac1d5f86257e5a8362add9907c9ae255131cf6cb78734fe31eceb061d0a13aed49a6a664749ed3bdc4523a3dc1b86b4aed3d10301335aea1907c5151a07da7be

Download Submit
memory/2520-536-0x0000000001220000-0x0000000001228000-memory.dmp

Filesize
32KB

Download
memory/3008-705-0x0000000001200000-0x0000000001208000-memory.dmp

Filesize
32KB

Download