662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36

Analysis

max time kernel
58s
max time network
145s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

koid.exe
Size

1.7MB
MD5

937bd53a5f505b8e9b00416590ad8d92
SHA1

5abece11f9d282ec009bf441f132676344f1ede2
SHA256

662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36
SHA512

2027fe14eff8cc0edd67be7f159e0710d79376aef11a70d4c0ad94d501667fd178780fb3a8f0c4481d2da32a3f6fd698e45cef297aee628cda1ae164e0434dd5
SSDEEP

49152:MXi87ZaoNcK9mVrSPYO1M+BrgdhwmzJnU:yvycBr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2788 chrome.exe
2788 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2788 wrote to memory of 2684	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2684	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2684	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2928	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2488	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2488	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2488	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2632	2788	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\koid.exe
"C:\Users\Admin\AppData\Local\Temp\koid.exe"
1⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:2
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:2
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3652 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3756 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3832 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3844 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3704 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3236 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4248 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3036 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1380 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4100 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3028 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1072 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1112 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4172 --field-trial-handle=1372,i,2089412645372270805,12726928516889644316,131072 /prefetch:8
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1012

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e846eee60eb7a0ccd1e358d6d7f8e0ab

SHA1
0538cf10bff9a7b491555ee971fd19131a07a7a5

SHA256
6361db2fed33767e093b7ef37149c943f935b8b5a25a9218e5cd2f5b08cdfc1a

SHA512
8151ba42bfa74712763365b037e96c5bfadbc42945736760af00243e0bf9ac312072c2e490f08e3866d06563361807198cbab3cd45be84199299ba0def5cb106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
48a69416d460ae5348798b2069582abe

SHA1
45a7fb696dd5b1082fdb4a5d9fe43e7a359e8cb8

SHA256
453c2d3b1350716a1012723035ebd25c6db51defb4e6e729055d7acdad263b0a

SHA512
19766edebb5d10cd717b008a35c2fc74236411b24d737a84417fc0f823a3003b2df9a22741989bf22f79778af467839d9749944626a75b8e7b12f8dbf0daa831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f8b6485a00ab85b4a5778544e5a3e70f

SHA1
2d5b6be37fbfb79615bfa9bd32627e231d31fef1

SHA256
6c52d07658f209a8bbd71bf0267d9c77e22dd965eb64f011f20fd73dec8a397c

SHA512
835effa5748c8fbba01cb19cc2230f3e2b91ea0641df636d6fd06d48d322c4792776e71216c546aa1051344174e966b49ea6fc91d733810c4e51907d12da534a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
94ee82475426501ab7dc3db8a8e753bf

SHA1
2e64cbcf6cb3945dd7d58f3fecb9f4f713fed1f7

SHA256
985a33b808b0d53317bf737b8a40df22fc24810be965413324f547c39d4dd57c

SHA512
90a5ab6c07c2baa7fd4402084440ef141de32f72fda870982428dfed66e5ce65e640c884916f8690edb8c6742d3c06afdbea49a598a3a389081d2eb32a49c979

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
31e3db5312f3b1a209e14a08cd17f02b

SHA1
7de94039cd77cbd1574ccc1ca87ffc4bc02c176c

SHA256
f6d6fd6cd7eb8b6f5d0c3c9092aededcde832ae897e4a832298efe1ad3dc28ac

SHA512
8e56e1200b3d5157cdef7135a158a5cabf86af8c0298535cc7259e289252cfc851980345f9331ac47fdf45c0a1d00b6724f579498e05927ad779ee71661cb634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
49ee79ac2f214e7442761cdbaaa17bc5

SHA1
46ec9998f6ab738bdc89584d3844ef9cf19afa4a

SHA256
7697d8b9988f6a52140e2b7f661085ec8413b70d726684fb35509e3b19d09729

SHA512
33309a7cf58902b8b2cfd8af15015c4d43f5c9f6bdc7318dd34692e02b884db8103e2cbdebfa28c8033945955a0cabbd4edf5f9899976eae53f0416b66edd6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9937293f-fb5c-4b31-9ad5-3def84d0aae0.tmp
Filesize
283KB

MD5
ccdf798c6966964c0f7612f409bd7de6

SHA1
f7da07595b0cc3c2881582ee47c3cdd35a2822bb

SHA256
0bee92838b3635104bc2b7d2244b0960e5ac7afba31592b9408e494fde9274cb

SHA512
c7a8946cec881f8a050cc1c48ed37b69a799b24d5e38397d539db5b446b2ff8bbea34049deb63fbdde0e7ec0a3348fcca371451227d1d5377afc9ee7e41cfe4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
39e40b362bdc1e121c6c6a234cf5a7d0

SHA1
e7d46c8386bad51ab8b775c828ece711ef320302

SHA256
e593936454d92cdc9ca94e2ab9a6ad6fcce1b336d57adeb62c2ab0a23a938192

SHA512
b4250429c50a73e4d72e6f54008bb29cdd7bdd016096d9de8e4a6ee79a9cc2b9b39125b004e5d588633510615724ca4a11a96d32b540433927acdbb58e26b8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5f1a07b9-d479-497b-a05b-ffe7fae4fe7f.tmp
Filesize
7KB

MD5
e2f4322d1a6f0c15ac19f932af00df98

SHA1
f32c8f21c3a7390c9798e6a70df56f76aab24c2c

SHA256
4ae946d952c285bd5c31a93f56f3103f2deb7e5d15db905ee7eada8a2d1aa1af

SHA512
2fe6c267e53aaaabacb97477fe9f19a20433ee3e268a4569072f6d51e442d598227955489612314f01c53045342ca6fb3003563bdf70a9f0911cf90b4950b5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
91cf024e5e244e6099b66952aef152a9

SHA1
27e130067be6b041d985a750a48b957152d753a1

SHA256
ac34706c6cda7aca898c7808c37caaba15f9832f38d9cfa52158a18b33bcfac9

SHA512
4e85eae52b533ac01ad1e7de7270b6053bf1a592bac99e6a3bd145fc0af5e4cbb40659dd1b35049d8a167b234d3bdc11dd7de66b4125b3b4107ec3da0b9d4384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
eb96d021dfa5f82f41cb646e0099a1bd

SHA1
5be80ead4c0ebca6946418afadd61f08cac7f89e

SHA256
36d045436b0138cca70757e8c6480d89b201b041c7a1e2354385b92ae6511266

SHA512
b8f88fcb9907839971d4df355fd67e5ccddf45a81136a1e684cd6aeb0c0a8e6f1f4b864a4e3b07a3c33b8008bd3c294753e338a22781c5a9c4d16640fb4fb539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4ffcd54557e116bfbb0da7be1d1bdaf9

SHA1
93c1edae3e89a954c82500b664e883dd3a337001

SHA256
58cc29c09ec1a33f25301eba94d009efd85e9c394110e822cca0d59d76845cfc

SHA512
7d34b853eb569db6c9a3e7af819e80ba16d5a22e8391429e18752a60af3d444af0f3bc5b7f4103cea8bd2cc964e1bd4e468a1b0d69e765e19e7b303354460c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
525B

MD5
61fdf2cc8f8191e4028dfdebd4e61c50

SHA1
98d06817b5fab62a4a0f9cb5a5b7b6e3cc1c444c

SHA256
446d9221433cf258f681b85a7260163add92019926388fc6a7062ff94f4d285c

SHA512
b1b8a3fdd7a8b8b04a301df5db69289a69b97ad9d1b36fa6a56dbb7f40a63cedf81ca01eb223773a3fc5e1ed8e936dddd29064da885e4d0eaafb9ac0006c9f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
525B

MD5
e8d3b1f1bc732dc4014bc9dc60373e63

SHA1
eabdcc32220f735e9541a5996d500bac37f9a119

SHA256
56ba33701ae30ec5ec9418069e473fe4550837948367c7948ca6b5c6b117f062

SHA512
bd365f5d18e479d52dd1103eeaf6c40fdf85ebce297b23b8d769d32021996832b5fbe455ed2c43d8ec5a51779ba5083dda2f5e7dbef5ae9d48d388a1d0b445ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1014B

MD5
5123edad05e5c21a0907f8696f23cdb2

SHA1
d22e236e02731cf6eaa030e02cdae4b077347800

SHA256
a3c7d288db3d6bcae1aa17fdf4f29674e4d8774b8378cfdccf8d6471fd9f1003

SHA512
75a2882f12bfebd105ab4950a275fb6e78becfd20cec5a620cf1c764d99af80262832d9a9a39b4ec0ad3d7fff247a10ad07ef44a42399e2222da105cc348b529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
86f5356beca00ded83fb5c0540f966ea

SHA1
f62708a7d94947b8b4afcfcd1c133e7cf05e9d82

SHA256
fee107efe53790da2e8abc67ec713e34192bef9362301462158ef97b87a4281f

SHA512
514e27b7888519ddfb02422f6595e437191e155b6759d9fdfdd764bb4bb64efd01746948f4f565b86838e087fff9816094f28cc3aa7bcde5cd9a0264781e0fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1df9dd76bd2e89d3e1d3eec38e722b46

SHA1
7b22f3a72ce441bc28e9c3481e2326d5a14e8bc6

SHA256
ad7ea1267be8dc57fc33f7fa4e0791ac88fe4a92ff50a914e01de3a52dd63f0e

SHA512
57daa2d16497fbd09f9c153c8e00d458f4a10b709457cf3ff1545fbe0db5fc7806213f945f55e8611c3bbba8d7d16687390310e2c238c9bf73da1594b7e9e176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
dc77c4d720c41a6f300a460f05d546d7

SHA1
f7b99a1ba2b84c69463357d191ea5efc04e7e6c9

SHA256
f1203d04c6da0cb46ce0b1d3f7a251918ca92c5dbee87f654a3625ee604ace71

SHA512
ec8b9d1c20bea26885027ebc67f8f18768f75a4f4185b459f1b2bc87fb43ec4f444a55f0a2c6688f1c4dfea2168630e8deaa9355e97aee1631864416c4a96f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar593E.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_2788_QODNNNJQVMSZLBRA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit