3c68baabc345c58d95825e548a395d305775b7f0313ec42997c17870ea6a458f

Analysis

max time kernel
55s
max time network
148s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

6107ffe4a1a1ee9eb2453ca669791ac9
SHA1

8f69617ffd69adab260500ec25d5ae50cc49b882
SHA256

3c68baabc345c58d95825e548a395d305775b7f0313ec42997c17870ea6a458f
SHA512

305ed565d5b61271e3deac9ab254ce2d70c031f4713c9b37212ea56ff061b8ce0afb5002c02a5252991c506d217f3f6aad439c192384646432f2ae71c252fb56
SSDEEP

49152:u5wZat2rFnBQjvaq/GM6+StQyfvE0Z3R0nxiIq2dd5OAnp:u5wZauVBQjvLQYKtQRq2Hnp

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2548	MBSetup.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 2724	1312	chrome.exe	33
PID 1312 wrote to memory of 2724	1312	chrome.exe	33
PID 1312 wrote to memory of 2724	1312	chrome.exe	33
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2684	1312	chrome.exe	34
PID 1312 wrote to memory of 2032	1312	chrome.exe	35
PID 1312 wrote to memory of 2032	1312	chrome.exe	35
PID 1312 wrote to memory of 2032	1312	chrome.exe	35
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36
PID 1312 wrote to memory of 1072	1312	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7399758,0x7fef7399768,0x7fef7399778
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2812 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3812 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3456 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3016 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3952 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2076 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1208 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3920 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1976 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1060 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3032 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4156 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3696 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1148,i,9815897391927814977,12667728946773094463,131072 /prefetch:8
  2⤵
  PID:2860

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e86b883aee8d89ef7d012e58f4fa35a9

SHA1
f8b3c2e4aa8495c3eb4e93eb3ad37364a854e770

SHA256
d006537f1ea99ed31aa2a74b0e042d1a7f0b496c42f8ea4c582512f667e40bc7

SHA512
3350ed87c0c6e93c59d9bc4b509b10716237c10d972bc89379dae161982e156229ba5a1ad048b77be5dbf88f30b4ac76baf273cd5723c2eab4eb61975c678663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29f83ae8953979f1dc241dd694e1bf9d

SHA1
ef154a815db137b04ae49c0a6a0b5f1884b22172

SHA256
410503be53da5c3dab675058c1c1ca410e1437e5c6aab5c187d51d468f881fe4

SHA512
a568169c3b03724f618ec7b181dda3fcc8a87dc89c510026dad49db2f7339ac1d6cbd1f1b91a23496dfc79b586f6bfad4c2703945d5336163143f40b4242a92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\014c7d19-f76d-4c2b-81c0-942eca33a11c.tmp

Filesize
7KB

MD5
c328657f9f21db62e67cc40793a1ff78

SHA1
1a85bcaa6532d92b3ccde817b5d066c3e1a762f5

SHA256
3d7d165a2d652f502d9f096bcbf2ebd2eef6ea2ea7e061a15fcfe941f6950eb7

SHA512
98369f7a956654725b7001ee659357098b3fc9912ed483b3edb2dabdec2488d2a30efbf5ae8042a19cf564fe4186d4bbbbaa845234c79130d6b25aadafa982f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
7a26381219aeae9e5dbaf71587bd2abb

SHA1
2d6a8bd7904c7b058dbc8772d90f625ea8ebcdf6

SHA256
50ac84fdb753165e2dbb6a04db9d1d6f83fc3980cd0309609736e99a19a0b575

SHA512
1c11cc1b963de4f1ab3f917ffab7f95f4c640d40cc1b3da66082d96303ef0a800b4412b759315ff2cf9d70747a7434bc3bce85de013b159d192e2d5feba72a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
993fd755231ad4f7ba573938bd2f3f80

SHA1
46515616fe0615e7d5888b318de20843aa2c257c

SHA256
3c3fdd5f0fa0815d80dbe2c69a5a5246b0e79a85b94b994840ca178be1873c8f

SHA512
8e328f038221fec9c0227b8fd92a5aad40712767e66926288ef420c3ee89112a34576b65c5413933fdd6caebba2bb3b20773f30b7e58063389756b30f482019f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c274cc0151b2836af678d2285d2880eb

SHA1
f4284912668739356c5f7aff4a928d0c608cc110

SHA256
548547148c4cb9883841c0d259e7f9b9b039bb5ab50ccc4ecb44b28efe1d6940

SHA512
4e4514dfd26949b24bac406672b90dda9127455678fda1fac825687a3faabb602a12602f62da55557d21128b0046f9d5506800929cc9b443ebfabde0f5fb0b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
67304fd1cc80c719afc76525b379b178

SHA1
03ca3a5d6866db1627324a10e34b5316cf8e811e

SHA256
9ca75c4d8e111212566a12510f1ca3503c6fce2d4632b53654db1a3367b8ea6e

SHA512
4991e50568ae2275358fa71e4e09b655115f6579371250f0ea2d1db0d3f0c32c96831f3f926cf139b849ed0ce3ffa290aa35c642a545a83b97a2ed15ac853e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
7aada45976b9a19eade0a46856d5e1bd

SHA1
8d7a196724fd906c0c36719a57ef1cd17764608a

SHA256
6ebdfc15d16436dcd99d05f46e1625de6d174bc9aac2573a0bce656350db147c

SHA512
10ba6e2ccf49c51b5c4d44fcac1d12ff26cf66b37032d5fa83d555e4646050b85a2109c37728fd358b876a8edfaa8dd27fc54707e8598fa0d408f5f70c7c5754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
6cd6972b8cb201abb4041f699b0dc456

SHA1
0dbbc94508ae1d6399f71e6977660acefd7e6f3e

SHA256
faf0959407d1ffbdd84c43d799ed489b2949391a8c79a8f275ecec78082cc84b

SHA512
e92171862ce694b5223b4e85f0d6c8cebd66a681737cfde5daf1f980491058ed89337c7eed52c0503b2a4f8d3d37db5f043a5e95eb6a9511913f65188d1c3c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cad2ecc017b84569622f99ec74198890

SHA1
747ba7e62176a28af1ae888320a23f4d2d4d26c4

SHA256
e070e365221e30198c260ae3652f34d0b949b83000efe989df969a48ff95ed43

SHA512
92e7c9beae92b304d81df5c99ed2decf6d02986c5b42896e3d3c3377a64a8db7196902fae34ce365bc678ee2a6d59fe51685915848f605697db142f5dd918651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36ee1c41526ccbf92736616da10aa0a3

SHA1
25ccddf8bea3b5411b1974c93fbcfd28c04cdfe7

SHA256
0a26eff9ce7055d2cb2dfa14dd31ab52f378a69564f4e1f644cc8a7ec50143cd

SHA512
4b7ebfba46f6d0a2f82f9ba51de2eb3317fdb4f96f58c15bdbcdeec41b7f603ad7d8d3abbd35e962bcc3e52f79522ffa45fc24935aa26c2ab013d1f2ce6be4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f0e7eee069b0a24cc3c75b78b3279b75

SHA1
de42dfd3e52e0a0087cc99ad55a5a7ca8de5b040

SHA256
7f2565318dbd03476ad81fbc8cdcc5dba34ded819668e83d6827a1376c016eae

SHA512
bbc6e9ca74da7f4ebe15a2b7b3f67dfc72f8d5b3f26d26c3f5f555efb6b1dfd60656e42fdbff531d2c60ee2f386bc4502e6ca5b2223d36c0ff384e6d9308a496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8bf1ae561bac766cf3036790ae06c452

SHA1
2b186e6e17a300c5ad250c4ed8b9dd6788a0609c

SHA256
8d23ba1362c0f79a826c1d7bc50b7db0aaad4c94fd4f1b3ee3c67c094808ec6a

SHA512
47719a007fda1fb7ca8e7bea1d8185d95575d396ab7691316c8b8718f22dfece02254ac6203cbcb0baf895b8291b133f03744f0291b621aee58e427d7dc6d234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf77c7b2.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
954ecc0bd955c217baa868690c2a6eda

SHA1
62aaa81cd9ae9c1f3b3a2881e7c1dc6f52d872d7

SHA256
9afcdb5be00ead93dc58f8c7b2c977d57e9a94b65284173e47531879d2bad1e0

SHA512
6a0f07a692e6773091c3b1b4c55d1a5d7fae35554f5300924b241954f67ecf62e13a921e9f108eb0651779b945aaffd172f33e6a508ceb585ed51442f8d9978a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD377.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD3B8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 657890.crdownload

Filesize
193KB

MD5
ae3b61867b3397ac509998a4640eae0f

SHA1
1e6cc158b29e3744104bdb0b782c4981a657de63

SHA256
62edf170bdcc41edea85d33acf3eb85474258699b3d41f9418d286c836cb088d

SHA512
6e77702af63d9eb6e83adb01aa96a6e057811f524a7787ae48519cd85352f142c30a35f9d9c7794164726eb11e12ce664da6c3a40c8ada3e0294063f38f4636b

Download Submit
memory/2548-184-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2548-40-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download