d3d0d8e8326ed7fd40ec9893a54e8cb6783d7d62945bc88932a489966c55f94d

Analysis

max time kernel
53s
max time network
135s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 23:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MOD xbox 720p.exe
Size

340KB
MD5

3da6af41d72566bdeb692bd3f67a8a6c
SHA1

4134d0d8210aea54df1545d3e68cef14f332a579
SHA256

d3d0d8e8326ed7fd40ec9893a54e8cb6783d7d62945bc88932a489966c55f94d
SHA512

3cf9c13be4082f970758cf457c932363797f167fad426f28dee12dc516545029ea1707fb7e4407839d78e854e5349ae80c436bfcbd438e5975ffea3f03ba0292
SSDEEP

6144:uK2UOfQLAxUeGQQqpEZbeWTTRpL2Kp9oNxDRFN5zuMgrYaY:l7qWPxpP9oNtRFuVYp

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	2160	WerFault.exe	27

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1988	2160	MOD xbox 720p.exe	29
PID 2160 wrote to memory of 1988	2160	MOD xbox 720p.exe	29
PID 2160 wrote to memory of 1988	2160	MOD xbox 720p.exe	29
PID 2160 wrote to memory of 1988	2160	MOD xbox 720p.exe	29
PID 2828 wrote to memory of 1712	2828	chrome.exe	31
PID 2828 wrote to memory of 1712	2828	chrome.exe	31
PID 2828 wrote to memory of 1712	2828	chrome.exe	31
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2672	2828	chrome.exe	33
PID 2828 wrote to memory of 2544	2828	chrome.exe	34
PID 2828 wrote to memory of 2544	2828	chrome.exe	34
PID 2828 wrote to memory of 2544	2828	chrome.exe	34
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35
PID 2828 wrote to memory of 2516	2828	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\MOD xbox 720p.exe
"C:\Users\Admin\AppData\Local\Temp\MOD xbox 720p.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 68
  2⤵
  - Program crash
  PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6879758,0x7fef6879768,0x7fef6879778
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1612 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2240 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3696 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2448 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2436 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2832 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2132 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3980 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3992 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3908 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3340 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2468 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1808 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3900 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3668 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4136 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3764 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4132 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1984 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=1208,i,13823152079096099580,18225410761433388235,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2332
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fde7688,0x13fde7698,0x13fde76a8
    3⤵
    PID:288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2108

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e347e82cf7f4f1083148cc95886962a

SHA1
28f9e01f25cb60b23eba64e18ba14edd6f23705b

SHA256
4bc121d105a0cea96cf02a1e4a142fef4d64c0577d4de6e5349048442887cf2e

SHA512
d0e871f35071f90f76f7ee58b31ecf3eafd3d038496df75fcf10e0f9ea852272ea302d7a729f5423685c9a83492258e3fdf9e8667e29b7fa7db731903d115798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6810de51-542a-4f75-8636-64a295ce6e80.tmp

Filesize
6KB

MD5
bdcfc3e8bb17611d06e52a27a6053660

SHA1
e2f8928f8ac4d7a9cfeaa11c257eb5930d96983f

SHA256
091ae05519cfaa5526e1f72d780ad62cceb4b36763507704175f757ae32431de

SHA512
dada0e5bf63fd2d5284340043600a4770466a867d6a40f6a364a6658985d5f536acee444319cfe1f6affee5a1ff34cb54d4dc23ff1fe41388c55b69690357f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
68KB

MD5
f0c27286e196d0cb18681b58dfda5b37

SHA1
9539ba7e5e8f9cc453327ca251fe59be35edc20b

SHA256
7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127

SHA512
336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4df806c2d631ee68130e92ef3866691a

SHA1
111b8ebbd71b19234adc7af8b095795803fb1c85

SHA256
c3adbc947ea15e176a2c17a2431cbde4df09757338dc23afbd26818e49042783

SHA512
8a2d2e087ed0a30a9fc2a574e009acaa5d89d18c3657eff63fa7e08307143228e2154b71de64f09cace9f6cfb7946e19a938c8eaa0b298e108bb4389e9e3ec7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
893c71249dfb2cbd93321015c1bd0bd7

SHA1
342bf6f403185ef7a58cd186793b707527a3fc7f

SHA256
7fd9280342b4819bb41a977b6c06ccefaccdb646359f2a3306d83cccd63d51b0

SHA512
2d6b74f173b73f9777a7c7a79a43293f6923fea65458d339eb1ea6e7c17623115add1993d1bb25a8e986edfb5c04592131e989253adf97d144d52bdffbea7968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
0c88cef87c5c78b7580bd6a552e14394

SHA1
9e1eb2bf6aec479f5a7862e16887c60193012055

SHA256
f05a699a4b4de537ed1d980daccbccd10a5b33b93a55daa318312b1af3da1933

SHA512
5ceb3415d94991b0ccf704491eb9f171c2a90fc055ba11da399e2b7e0f0efb7348c5e551fca9afdbb0de1136909514b00d3e28c0fb925b9e44e2d7cf89f89804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
09677f13ef529cd443756a3682e2a75b

SHA1
3308aee07956c7278e8ee5c29da1133e093a1add

SHA256
253d95857e85123df547714f55fb85d07d2d7914748483d90fbd9ffc01fee9be

SHA512
5d6375211a1eeeaa25c9e1ef18d7c54257d25c0a318bd2a160b1af6e24a254a9fe817fc76988e91fa59c4bd573995b168eb01d88bb38f130661bb589e7baeafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
b739cbf3670a054b2a20f63b7fd438eb

SHA1
26b838195bb315e985a44c28bfc1bc778656cba3

SHA256
4cd35e7dbe3ff040231312750066fbb8187fa63a4ddbc7e6a3ba9d819da7e865

SHA512
f7e0410ef128120d3826f36c84812f6a08951f2ae5ad693ea11697e30b039018608e29a54be8c930facab15cdb0b8d2968dabfd240c543cef8243a216721dd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2143e3cfee8aaeebdee8d289f0589c2

SHA1
9f4c555a383b7c3568d06efb7d8056746a516946

SHA256
a6489d9258faaf324f291b69dc2c527a6c321b75474fff9fdc139eba8fdac1b4

SHA512
48e55a0e478f086809ec75dfe8c72f2572724c9a543e8bc8a9a75370d39a4752e653771a8b80401d923bbc9355ebeb4f04ed001205d25a90bd97bdfb35c7d742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae80c866e6fb2bb8ef62e02fc7234e2b

SHA1
230eb2efc3adfdd3eb719506cc0e34314bc16d2e

SHA256
cc895de6a4054714468842e4b69947ce2242059c54e5ddfd9779437546307619

SHA512
cc9e7fdd960774af4f2dd9384a2ef97b076391e90f63aa00c1dddf58deaa6cc4dc0b7f3116ec7edb77fc16c184268232779d242f669a7465864a1dc786450bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ca7ea79e8436799b82479d0bc651c28

SHA1
007ff0593a6cfd8b4345d9f134a0f80f9cc69dd6

SHA256
a07e7ebafaa45ce524955c21cfde01c83e2596ea25a1f0c139f05919a4e4af07

SHA512
58fb23c1e22ef3ceae3c803fcf58646242c08d69cae9f3fe8f35924f87614aa6d22801259235905685919ee21081f6b207e8faa3f52072100064f67de7e153d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3fce73a69ee84a468bf6b466828de12d

SHA1
b60ff56ff59ce731853f781ce71aa4ecc486bc28

SHA256
c9f1ab5ca4119f31a1b9fe697f7bdbbb5ec7c96165325160ac8e74b59d14650c

SHA512
94d793688eb37755238e7cdd196c2d747c2e54c8d33e75c7f8a6605d7c456c3fa0f0032b1b9539c4bf47967026bbdf44ddad9aedcb80b9b90def5fc4001aa9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
297KB

MD5
3bc8995d63a0adbf113e69932b8da270

SHA1
476938482cf2ab554abf0654f0b9d6205f998442

SHA256
56bc30201d71abd8cbb61a2e1cebda071410e1fa32b9a2446259e56919534e63

SHA512
e57ea6adb08b83682c42dd50c46edc0a054a6c5177de1e81a7ce010fd478bd72bcb32b52b906c46cc7345208979ab2e089b8a01d39a03e8b7d1779d1fc8f96ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
297KB

MD5
b07a46ee3bbf62dd8587fcf384ee46ff

SHA1
c12b1438f1f006101a47e2cd6913022bb558a49f

SHA256
f2e08f1b85fdc57eaa2d9f25cf82c4e02a074210a5bdf2061b88af430217af28

SHA512
a29d9456986fed7652e88b7fe063760b36898a4219934e6bc214b8e27dcf3c1e1fc57bb9555971e7ee2bda43870f8fe395aae76d32dd7fb4576e740f0f6d4e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
297KB

MD5
803ceeb748997862f6fa13e44db8b9a8

SHA1
810978986d836d786193682fcb0bb7cd7d5676c5

SHA256
61bd66a418a03f3dbfa391c07abe3dce787aa02f1c488f15de56096f2447a48a

SHA512
0b1430004a2d7ca5b17ac0b21aa4d673c4acec1b833f42171c54d1a9740445373475f6338c73a30ce13beed77006db760e994330c5907ce81335b2c685097f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
297KB

MD5
39697fd1ae71ebc38a349fdba6c04387

SHA1
8f4a2428ccf482a5ca4182dfb542021d60715c11

SHA256
85a7ccba283ddfaa98489d29ef3a7a8f90bb092f9404d073f98edd6530eeacc3

SHA512
7bb32dbc7deb684a699711eec733ecb2a3e2fc39701ba432e8bab04113c622821ac982936a1a58409ef442938306a1c177be456daebfa1f61a2cffaa141c8f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
73KB

MD5
def7d989c50ae3b76d7884d604aa8bef

SHA1
0633159fd1a55ae1784f8552448f435f68e6a769

SHA256
6eeda679bf80afe5366650734fcd0a5d35be1c65b54de3c087f843c4081b2336

SHA512
8185ba0d3b1f56afd6b556c108b8e15a4502de231b68136ac91003a9d07de6cb8930c9b1c1ddbb3cdb13bcb1212d74589626f5854afcc14ae4733d5aa6275a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab27FC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar344F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit