55ced8dbb6f6bfd32b67b6fff510d3e52f09c5b73f10ff68da4d72fc8705f0f0

Resubmissions

18-06-2024 23:09

240618-25l14sshnp 10

18-06-2024 23:08

240618-24tdssshmm 6

Analysis

max time kernel
483s
max time network
1320s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
18-06-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.zip
Size

14.6MB
MD5

fb4fd12a45bf9ca32c69abadf7e3a45c
SHA1

f8944c795a7e80df7d6fa6a3c05e0a5bf73e3453
SHA256

55ced8dbb6f6bfd32b67b6fff510d3e52f09c5b73f10ff68da4d72fc8705f0f0
SHA512

58ab45b47c4368b67a52d4143a2d88f3fe2f4dbabc9e6a0198fc475a6f15f559661642392c812ccc881e80f8eea57625c690c15a286b69050edc09fae63656b3
SSDEEP

393216:NgR4q5mYg9UMs57EL4cAagQN+vzh8r/wUBHYGpspdu9XEWQ:qR4ewQ5gLfAHQNe2/NHzsz

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

Processes:

flow	ioc
26	mediafire.com
30	mediafire.com
32	mediafire.com
198	mediafire.com
27	mediafire.com
193	mediafire.com
371	mediafire.com
24	mediafire.com
48	mediafire.com
51	mediafire.com
19	mediafire.com
25	mediafire.com
31	mediafire.com
368	mediafire.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

1432 chrome.exe
1432 chrome.exe
1432 chrome.exe
1432 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1432 wrote to memory of 2020	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2020	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2020	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2776	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2660	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2660	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2660	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe
PID 1432 wrote to memory of 2688	1432	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\1.zip
1⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74e9758,0x7fef74e9768,0x7fef74e9778
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:2
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1384 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:8
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:2
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2892 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:8
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140157688,0x140157698,0x1401576a8
3⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3412 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1468 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2776 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2816 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2376 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2692 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2472 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3284 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2464 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1768 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=880 --field-trial-handle=1352,i,15687445524278226818,3184779774735644030,131072 /prefetch:1
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5aea092255c6384282d28d004f4e3e45

SHA1
a48d038dc587f689fae1c43900f716b77811dfa1

SHA256
e5a29104072d937f71040aaec1be449620d20960dcc0b254d92af109f0220cfa

SHA512
21ebcc3078d0fe3c3954a61ec15a8bb228a0dda04efa324178f19c92cdac20ca9831c719309f2540783c9bb0099c0fa00dfbb2afbe264b1f856a3592fb851ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
cd25c90c3630d5d14e0e099714b7a183

SHA1
ad825f8921a2b35650968890f5c3a0065cd46d25

SHA256
70699a2a0c2bc9ccd98c012da03fd7ff1777fa4514e1df78fd6db594f2404e94

SHA512
714dbb8c4bcab102e5505bf90ddf8df93d3287059e8d61b13e3e5f2fa9d55ab347115b1d785ec628f724e9980316d3fe0fd3d4a065fa3183de71f6b85730a3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
b71b70956581b4ffa1c91d949dfe1c35

SHA1
0108d8a6c34ae10b04d8811a917e7b4a7a9896f3

SHA256
959d025ed94e152a7e3b7d5ef2dab2ed284c11e6e41dde2f3f3347b1e9a8b50e

SHA512
32e159e0700ec76cc230e5bc54c6bc8d6ef2eecbb460c79de12cb451e1ad8eef3e7f98d1cd594f2ea3c73202398eda4683e647aee9ca2522cdae9a078edb83f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
94b2b2e62202edfbba59ecbc31445b39

SHA1
9c29f042f3cdf530ac91a4325642d942412add8e

SHA256
18eca159a15bf19c8c2390b13709734921c56b5e9a15b039c5fa7ca57f7f758b

SHA512
87240aa3dc10ff04db98a51a06520294eb1e1d7dc83c02f9966152f1a06b10b687415561442e602f7ef41fb9ebe8b1e5c388e47ec0e4d284a0d4d6758708e3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
9738dea35b708cb78f3592690f33e3c1

SHA1
6b91c6dc34339f95668315a0ba5aa66febaff2d3

SHA256
394a5918d2442e0f56f8cced5b07d83d7994fb1397d8fcd066180a66919c53a3

SHA512
0c32c098dab01fca08524805adf614c15d343e6af1c0ffee5d5c791c63723b8d7799a054b0a240551f2c67556a88661ed70f8fd0588f3f041b99e6d94b904689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
d3a347b61f4fbb8bcb90cc3b7428640a

SHA1
d191c82523838c316fa46089fcab055c7164a4a3

SHA256
225eec4881ed6494bd143ab4ad6772ced520cbafb4fef9efccdcde9a8568fb6b

SHA512
3e9507ff65e160ed4af114e7dcf92af7e29e84a2077d87623b5d832381f0a9f60f81be8cff9758489f76fd9ad7093dc0c65860e0a6d1f420a1177c6027a92390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
16bc9a82811f2903c7a15ecfe7743659

SHA1
ef7d7578d04fd9ffe75c944502d207e2c2ae16d5

SHA256
e53cd496f4945a6ec47015f39b7a552def9d11452c67327658a81305e041c305

SHA512
75ca16644c8cb51cebaa6af2e4c316a38f62853dd8b5f87df94f84f861f44b9117912c0066e83ceafd3bb27a3e6d246637fee2762d68297c75cfe907fc16d3cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_1432_VBQDKBROBPUZAUQU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit