d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768

Resubmissions

27-06-2024 04:16

240627-ev281ssamb 1

27-06-2024 04:09

240627-eqsh1s1gpd 3

Analysis

max time kernel
82s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZOD-master/README.md
Size

1KB
MD5

6e4616e9582ad27dadf48c5b62b53cca
SHA1

49c76a22735223a85cca9f46c62b346c7e74db78
SHA256

e6452e165b2c3e6056191326033ddcf8fcab36907bc6fe417954d5cb818a54e0
SHA512

86763d4487f75e182fd329c58b400a86c9fcbd5476748ee321a10d493b9898cabc96855d1f5a04a2258db149aa79ee870f2f2fcf351cfdce843ff497f025e3d0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\md_auto_file\shell\Read\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\md_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\.md	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\md_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\md_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\md_auto_file\	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\.md\ = "md_auto_file"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\md_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3000	chrome.exe
3000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe
Token: SeShutdownPrivilege	3000	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2476	AcroRd32.exe
2476	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2668	2912	cmd.exe	29
PID 2912 wrote to memory of 2668	2912	cmd.exe	29
PID 2912 wrote to memory of 2668	2912	cmd.exe	29
PID 2668 wrote to memory of 2476	2668	rundll32.exe	30
PID 2668 wrote to memory of 2476	2668	rundll32.exe	30
PID 2668 wrote to memory of 2476	2668	rundll32.exe	30
PID 2668 wrote to memory of 2476	2668	rundll32.exe	30
PID 3000 wrote to memory of 2896	3000	chrome.exe	34
PID 3000 wrote to memory of 2896	3000	chrome.exe	34
PID 3000 wrote to memory of 2896	3000	chrome.exe	34
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1976	3000	chrome.exe	36
PID 3000 wrote to memory of 1656	3000	chrome.exe	37
PID 3000 wrote to memory of 1656	3000	chrome.exe	37
PID 3000 wrote to memory of 1656	3000	chrome.exe	37
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38
PID 3000 wrote to memory of 1192	3000	chrome.exe	38

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ZOD-master\README.md
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ZOD-master\README.md
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ZOD-master\README.md"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2476

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66a9758,0x7fef66a9768,0x7fef66a9778
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2164 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2740 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3852 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1504 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2284 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2612 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4136 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2308 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1820 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2280 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3556 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3900 --field-trial-handle=1380,i,10093588382821924749,15874281092051716703,131072 /prefetch:1
  2⤵
  PID:1064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9836cec0a96c549bc4cdae376f99d8de

SHA1
89f3063921d89aa969010b18552ef4d081b8838d

SHA256
eb934ba32355adc22437aeca7950ddf2e795417b305353342988e7f167976db9

SHA512
d683bf06dee61c23ab854cfa2032dfe46657aa03fde4d74ade942540df8243c76fc9125eef435bfce45197748a7ba8256132001ebfda52ebe10ec91fcd3d5354

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b52707460bb95302264961943d2cb337

SHA1
cb77b0cad27c2872ac36ac395554278724bb914c

SHA256
805d449fa30f2bd9672e93476564ee74acadefa3d88a538c5416e914d70c0cfb

SHA512
59153fef5a142b544823834eb9e5ae25980777a5b60a3aa53c5e781cae8bd1c2114e9c9caa19a37ad5e25aec332de57989a21259ade9281c5f5586f8bd9884fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
796f46c285b3a58dcd0915010d90810f

SHA1
dc01c05af5ac2f87e051134a0b19c43885fa9a4d

SHA256
ee15d4356c9c7c8881384bbb5fc8a639791e312bd7698b24e157b1e4fe681840

SHA512
7aa8a00ddf8147a8d7b1e684a73c33f346a994825f9c8d34889e64319d013db352a2835d0862c1f2acec2b7caf86e7bc5578d0f5f5a89ec60619482a55342d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2da5a621675ed1dae9fdc84666e08410

SHA1
45acb0d2775dc9cfb091b57ac7b81577cb9afa84

SHA256
a5171e2fddb42bf403e670e5ffbfe07f0898e5b26f06f423a6598afeee092890

SHA512
12a5aac2b84f84f7d3b0adfc3d977c9ddc4c31ee6ed178adfc6307f093e5ef806e3a93dae38b35869e72289a45a9a186a96401ba13165b2fdccb77dd80144099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8408fa77986bfa688efd9b521e3fcd93

SHA1
a0c18419441c0268c7684d2b6f7890b41ef32157

SHA256
1ef22d5a943b4c9ef1d37c888e01a137431787e807fc6f22d239662c05e35450

SHA512
7a1b2664ea212c82e80744dccbe0da7e4c6428705eef4c734a6f47a80a4e194ab526cbc0c39e64f150dcd19b35708ae6132798a0fe94d64e6b4b4978299a37a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
69KB

MD5
2280e0e4c8efa0f5fc1c10980425f5cf

SHA1
1d78ccb26fef7f1bf5bf29de100811e1ac8bda23

SHA256
b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74

SHA512
b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
328KB

MD5
0c5a5abc7597233afed941022e160e2b

SHA1
abffb268c2eecb25f56dcf630582668958590c90

SHA256
605cc0d7c4a94a7b170beed016b41c017434e3d37bbd791c5e4242f754cc5c28

SHA512
8c88c8e79365407198bf9e0ac5c834698e3922a9863cc8faff0ff78920cb56ae74c0d084d1b6f6c1014ba8d8465f0d77ce3514ec2dd0f036427496bf4ccf76a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
105KB

MD5
b9295fe93f7bb58d97cc858e302878a9

SHA1
34c6b1246cad4841aa1522cbd41146f9a547e8c5

SHA256
c0233c9b273aae7df532a992e710aaec409455b4b413b89a25854e9fb215c36c

SHA512
4c44ddbd35807653a60e2718dbd2ea85f09d7107b270045bcc2484e2a0ba977fbbb5739236ce7edb71d584c8f68df31fa3bdd03229eeace60c19662469adafc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9f1dfacd605db000f49f67edb3cce1b3

SHA1
d53f094a244af8ed0872eccb1b390710f5a986c2

SHA256
edfb5d9ce42f29ba3afb50590a6a5ce4d93f5a9925cafa0f8b2ad73183c7191d

SHA512
c992b755aeaf568fbde1ecb751a5f042413ea3a8f48c5b74b53aa0ed18c94efb0a2507b9db309a019b72470d63f1d3d86f3d767a39f377c902ce752149d13784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf781323.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
bfb293d6fe4ba2c4c6661f204b3d066b

SHA1
9dbed11207574578fc0de83ad91800b01d07d447

SHA256
5304542ac63e5c8a0647a9ed14ae783c6b48e40067395c7a30c29410562532fe

SHA512
6def826a3af2a6283129160d1f6c1e569d4c1f327058f53e2a7169fe396db63c929a20a9d79ab42ada93dffec415af27adedf53b373b12a1dcc243078575d749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
0fc115fc51057bb6a4b47c35c3c61572

SHA1
462d3499d884543e0a8228d61fe5554fefce2a83

SHA256
932c422b4bd0ea85cd9d11c54208ce39e7d3f29361f5b89f6ed21e7cdb218f29

SHA512
5db8ac3262aef46865ee538aca7ca71ff72caedf1295daea4e492664fa4d2dd9502b9df4792b3b5e99b1112a510349acc01c59719989f09436a738bc72ef7a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afa6617390bcc1090a5ce2006e84ec07

SHA1
dce05b95e17f1971a304f17724921ccb9b4b69d9

SHA256
2d1b3a76bf66e278d0ac93d3618993f3a8fdae2b729e22fb1903449a25a01cf5

SHA512
bef5adbe5f6add93334101fa261aadf54ac482ef0e7ecfd559a7902f36c32edc589ebfd7c2d415cec71e9f60509f5785b0cd09237515a7147b94652785339a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44731e0865f3fb275c172d2da04129ae

SHA1
cec4eab7a7758ce2affa3c3b3c6f93661ff21f40

SHA256
02a6d087fec40fcd4e99f5a7df57c0d4d5871f465e49bcc147185433702ff147

SHA512
4c9f94f163f1dd19130388d6af0fcfda7929512a2f9a16a7d6840612a492745adb17ed9a88c1c5cd5f68b932a7196c48b1eb1327663c80682ad11a03556bedb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9aff4eb93fecdd70484a4262a08e5d4

SHA1
9b2d60d9a7cafcaabf73e12ebb897b521b5f165e

SHA256
09bb88fa90c3ee56cf8338f6f120bb070169ac855266fd3cf032e9461b26ce10

SHA512
34ccffe895009c6b880c78d31c1167bf9bfa96c185ea9940204495043a0384d0cbc894b510f0d154f0662c432b32e0d3d63fb1a9f13242f614334c3d7cc596a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d0d07aeab2b23b1b7b907cb1fee4c364

SHA1
63fb31faeb6ed06082f25e0052b02411ed693196

SHA256
f3b1a26d34bb898761a7644d64bc47aab6688dd89d14bd96d5f2083b7402295b

SHA512
3938d4b342af95eb2f939fa38e6bc6e2c42587fe0d73d26235a337590ffb205bc8de28af577804586c1f57440c9953bfa92e6f93872a74e1285e6167be4d41d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0ff93f39878fcb48dac63c9125c9b506

SHA1
3dc7d0ec11c69ce9d93c3a4e10b03a438169a9ab

SHA256
9bd18fb886be8d9672f6bb5a0ab2a7889cd910292061f2e5944d46decbc796a0

SHA512
1d1d21d84667e3db633239410a34df33967a695693ccfb697d3941d01e951c15089b9b6c8196fe66329f4be027f212ccdf73acc0ccf59b634de4128652c1531b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
106c4b79cbe3fe60a023c071c6e822c1

SHA1
b8036e54d7c5d264d79fd66bb698c2a2d81831f0

SHA256
e20de0c453ca5dc071e2240f8944a02f957aceb1d644c6270a8cd311616f7b68

SHA512
00e4c4af303d064219af38e251831e70170bf57cec0a03e40f8f2405ca2cbcda5a93c90aab819c646ae590be9ae300e0229bb39452441d340ca05670e64e4d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
3446d75ed299b01be20bea9311f44202

SHA1
f6e19940601c61c94435650ee7674a96c8c0212e

SHA256
725ed043130f4ff7a6168ae796b3da9f24ebfeec743dd46c56b2b923ef5a5196

SHA512
e8f9b07a332662fb6d8a8916d2566b58f7a4be7bf84e8afeb2c8fe28c11f2229347d4ca063b2172dcc4390a0e6c1339369b7cc25df9e9cc1ede27f5c6e7a2ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar737.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit