b6efb0b97d5ddbed6988fac60577cb0cf229535cb8620001ab2b32f860ca6cd0

Analysis

max time kernel
1559s
max time network
1571s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 17:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

antagonist.exe
Size

56.9MB
MD5

3e9c2d34351771e5dd200ca4198f8be1
SHA1

b321690f19b0083fd0f22adb75d819d862558aa2
SHA256

b6efb0b97d5ddbed6988fac60577cb0cf229535cb8620001ab2b32f860ca6cd0
SHA512

58b23d6ddcfdc1a091fb0472d88698a37b853500f5579098b703f553b119171217ae0b4f3ebd330ce053428ba4c6756a2676f6ef823114f7f1eaee1a39d4dd82
SSDEEP

786432:WMguj8Q4VfvYqFTrYEgCmxEJP8l3wT3q0+Gra4W/9AcX7PXpZ:WiAQIHYkHuxcxqXwo/9rZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2748	2644	chrome.exe	32
PID 2644 wrote to memory of 2748	2644	chrome.exe	32
PID 2644 wrote to memory of 2748	2644	chrome.exe	32
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 3020	2644	chrome.exe	34
PID 2644 wrote to memory of 2184	2644	chrome.exe	35
PID 2644 wrote to memory of 2184	2644	chrome.exe	35
PID 2644 wrote to memory of 2184	2644	chrome.exe	35
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36
PID 2644 wrote to memory of 3028	2644	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\antagonist.exe
"C:\Users\Admin\AppData\Local\Temp\antagonist.exe"
1⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefab29758,0x7fefab29768,0x7fefab29778
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1632 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3276 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1520 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1904 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2120 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2428 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2508 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2396 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1140 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2136 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2496 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2364 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3696 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3956 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2648 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3464 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3712 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3392 --field-trial-handle=1380,i,7875056015166406730,7212792791115235300,131072 /prefetch:1
  2⤵
  PID:1944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\35666887-a4b7-41df-ac8e-7d16ba8752b4.tmp

Filesize
306KB

MD5
9b3037ea3d42a79945d90e7cc10c2c9f

SHA1
9b78a40449b7b579e197f914d9bfe2d9a4f6ed76

SHA256
edda3216d9f0e480bc028f73d90cb3fe5987c6cdb124e8f8546d23c510545eeb

SHA512
1ea37896c6a882775eeb9b6e4d202e4098242b90f0f54f108d0381ccb61d4538127b04c7a799e687ba2b206fd64f94da2908892aa9593f4386e5e256b328b317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e5c1dbb6b578b124d2f7e5a96eb8fda7

SHA1
1a94250fd8413da0d67e087da5869a3fbcb43d29

SHA256
4c2062dc6b9912e48f27b49f64a8cc137833ba9bd501ad890e9c5ae3896be82d

SHA512
32849faeee2781d14fe64ae0f768c764b221c65f691f16fdb48cbdd86737db63936c1232a11f1d1d7a9fb9f723eb92032ede3b5d2c33134189fb0927c9a1021f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd2026c92770b7d8118ddec39016a5b5

SHA1
991a43b0c9ec169ecbc5bddefb490b15246a86eb

SHA256
b9e57f0dde024d0db0486002f94010517d71b072b6947512a724e03d213b6c79

SHA512
1320934fb60595d9e2f3a7e1d8c0ca807b19adb439ca97e9f955d4665e9ed0bc8bea0c29451b20dd732ef12ef5ef9e4b2c8c574046ab530515744d8a3f7a4664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
38eff63575e7f15a103cf9c0c498ef93

SHA1
0a85e78537abea4205dcacc506acec4470e365b5

SHA256
4cb17687cad6843f2722d56060063f1bf59b8ffa909b00f7972632b70d857e6d

SHA512
b67955728cbb4c523b7c6fd3f7b36190d9e6b0d047c2d280892b0ee9854ce4bc98ebd3e07cb0349cb926725afabea967a4736db1dada92855fcc318631ad5d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
6ad96b7673fe1722fea91cfa54751556

SHA1
f2ac99f388fc38e025ce4ef9aa12c6a681cd1dff

SHA256
183f3a72a3339ea05396e63d77f9e254df53e33fa72a298ae7f169843e015cb0

SHA512
21515bb6bc700927c0f8ca27f74a05c9ae156b4c75b52f06e66c9815e9c0c1bb7b986aa411e14750f0e9a1551e64960fb07c72ac29d7eacd132e599e5dc3e00e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e7013ab0f6259aaadca15e3994e91fde

SHA1
e6b9291bd81fda88fda1040f79b05ab2d7aa3102

SHA256
4034e26c5fcc3e720e5f231fbd064229b1ca515c770bac05fd2b09e6089e57d8

SHA512
2883f49538c9c93cf54c0ef2f01492ca1688d064dd93591714917e34b4981194192a359c37b2d828fa194d8b898bda1bb5d4573dbc1c2e51e8f517518c1bd099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
744c43f89b64da6ab185a65532ea3ce8

SHA1
d4b591f9abecd394e74664f1827b2cf2dc3f9b2c

SHA256
c54456e2960a3cb7cd9ff8d8b25bd55e53b85472c6c5cd53b2020944ee72882e

SHA512
f88c988100597043c9959f3d1697211ffbdd231fa1367ed276825607e680f6f1cb9753916ba0e75f4c42103bff33b313f1b37ecb178e9a3bca0115d05c675455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4f2ec65f1129cfb31cfd4a226e1c18f3

SHA1
35567d7f8c511c69d76a70aa052ceafd7891ce02

SHA256
1cbfde361494d0011cbe30c352b522f953a5e348f4b161991adc6df47592a0c1

SHA512
6b494b0f5c5c26374c816821b271fbf4957306445a9c0beb204f91a95a2d0773fd4be926e25bf5b580522cc5f8ec77b444406aa52ae28c11f3696a60e40ff802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4ddf811d46b0648f4bfb4ebbba308607

SHA1
caa001e58c947e61d1c9edb942486adb169d8191

SHA256
f820fd4e175dc15e75bd4b74f06e8e410ac370feb10ee0cca6f453f6013c6069

SHA512
8759bb0be22cf5278afede186a84fc0376fb6dc75e21fdc8275b33b475ad79c865d25f620bb22c879878d058d0f87991a1edb9da8c622c99fe8046e8edf3ccaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0fd67423f7aa6f83e4e40f5f49bf3802

SHA1
521cd4a8f5865017ed2a1d5eb470ad683d6b2c1b

SHA256
51268bde76aeded4c078d30e42500314e231479b16ceca59f6678f6de1d9d4ca

SHA512
10082cb12d474ce6a7370d1d283ee8b6a152f98d79be64e58e8f132a7635b80c74564fbc0b46149e44a156c230a6bc6f9e4008bae7eae020abfe3ced988554e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3d4f40b35f42b5e28b0221559b40a17a

SHA1
49adf81f8f64dc8853a6840a121176871d638759

SHA256
0ce7f1a9ecf8adfa2f51cc4dc8f871ec309b86e555b2fd36023515e396a4c054

SHA512
6f92f3e6fa22cf52d1f82cc7992bef2799726b1bcc1c4e50a5019ab7daaacbb0b4ba294c9e247796532923cc8f2814bf1ad6a23a92edd6d7b54b8f063279e85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0cc58e4ecf00cee505772f74b84fb285

SHA1
cd6ce474bb00691751142ce39d0fa78f03ffa215

SHA256
3bdb9c6fc12ecbe0cbc755ddd2ee37b8087ca760f8d97655f51e3ebc6dc2b169

SHA512
dd04bdb3e413d17b4e084c8d59a2e3cf35fa8bcfd5e27062456a80e5a93ee3b7d091473f46af3d1ed88ba3f60e023eea59c97bc10f24bc28893cba070a70a07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d873ede2c76a415022242d6d0f997f3e

SHA1
71237a9d1963a9e38dd26ebbb18a3d22b9644457

SHA256
5541ea9e65af732f0f17f65155dc72435c60d5e205df0e2a292f5d8ce2950204

SHA512
cddf276ec27bc62a4706e70067b6e04eaeafac33625948463fa3088bbe88c8cacc806ed17a3cb0d23fad2abc0e6a4f72e4ea74498f9e8968d0ebb914b621fb84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
fec0d53a90e0645d1b5c47ecf67ef5f9

SHA1
83910de23cbd034a2f36f7d542bdb7054cdc433a

SHA256
f537c82d9c587ec64c125a8630dc34d3dd61f9dc03749af117ea33e353ef592a

SHA512
b01d085269f0a1c5d327de4e736cbaf4337e307abd88a81ba43449e6268bc99f88f635203a3ff98a292f5e5a8a0ac1af0f6da452ff68c7e691eec1a3cdd0a768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
65029f221b23dd3c72f0d5c0c82cd657

SHA1
691e3a47b8af7ab67162ca14ee0e87ffff71fc5c

SHA256
85344b696edaff72fe748d4a10b5690b177c8a1e4fc3c29f18730fc9b2df24a9

SHA512
611d674be3964ed703234a16b8e4ac4b90b3be6a4d5623830b5b644c45c06735ae5c69324899beeea62c624b6b0298920e1fb1957faffa0d77043e8e565f2d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
694300ff3df45aedfa6e4a45d3068e95

SHA1
e43984e018cf7353b07b9bf912c9f4b1d146adf6

SHA256
ab22295712cd570a7c9f1358e283f42180ac43b5846faaaeedc1591cf354a6fb

SHA512
af2e694f0a0ee33294442d1103b57d21703e51f9880a27e525b7d9549099fd8bc42327e3b371e6df19cdbc9a323e24baecd749c919a42bd25249e24d84f2a0fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
7d1899a2c970421f5f1e2000ee5c3ed6

SHA1
23b04edfdcbe9190530d6ed7a3ffe17b9b5cc2e3

SHA256
b34cf324e263e9633006be7d9e1efeb2a906226e593c4f68ba5e9448f043a9cc

SHA512
dd728cc953e7e85c701c8b8b0cf19d135cda475b8f3971d90876a78409015cef00f82f1f3c6c8718095cf41707454de649c7bf6e2777a5e6ad448290fa4388e4

Download Submit