c6951fe6881fd2b123d7490a3546a2607ee9bd013ac7b552f91d5b8ce030bb24

Resubmissions

16/07/2024, 08:17

240716-j66g2ashjp 7

16/07/2024, 08:01

240716-jwnt8svfqh 7

Analysis

max time kernel
197s
max time network
505s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0pen___files/!ŞetUp_42716--#PaSꞨKḙy#$$.rar
Size

2.4MB
MD5

a1a5d1c60cdd1b89a92400babbc3c2b3
SHA1

656eab017cdb623387d2c01b5c6457eca811a2dc
SHA256

37d371f1d3d4ae1b4d9bb02bc69b1b45ffb73ce51b9fb6effee6b48d1495bf47
SHA512

632f138abf42422b76097758561f82d70e3a69f7e3ab57453f39c4225e6383fa4133e3448a7d6b4ad384a56307390ebfa7014bb1a5ebe2127642136ea5a8c8c8
SSDEEP

49152:0RZ9GxmJyIkm2X/m5vxEOBoi5Ov7v6ZbSJUYor9:0R2xy0LX/a4io7vmbSJUYop

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2584	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2584	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1624	AUDIODG.EXE
Token: 33	1624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1624	AUDIODG.EXE
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
2584	vlc.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2584	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2420	2840	cmd.exe	30
PID 2840 wrote to memory of 2420	2840	cmd.exe	30
PID 2840 wrote to memory of 2420	2840	cmd.exe	30
PID 2420 wrote to memory of 2940	2420	rundll32.exe	31
PID 2420 wrote to memory of 2940	2420	rundll32.exe	31
PID 2420 wrote to memory of 2940	2420	rundll32.exe	31
PID 2940 wrote to memory of 2584	2940	rundll32.exe	33
PID 2940 wrote to memory of 2584	2940	rundll32.exe	33
PID 2940 wrote to memory of 2584	2940	rundll32.exe	33
PID 376 wrote to memory of 1868	376	chrome.exe	38
PID 376 wrote to memory of 1868	376	chrome.exe	38
PID 376 wrote to memory of 1868	376	chrome.exe	38
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2044	376	chrome.exe	40
PID 376 wrote to memory of 2944	376	chrome.exe	41
PID 376 wrote to memory of 2944	376	chrome.exe	41
PID 376 wrote to memory of 2944	376	chrome.exe	41
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42
PID 376 wrote to memory of 596	376	chrome.exe	42

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\0pen___files\!ŞetUp_42716--#PaSꞨKḙy#$$.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\0pen___files\!ŞetUp_42716--#PaSꞨKḙy#$$.rar
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\0pen___files\!ŞetUp_42716--#PaSꞨKḙy#$$.rar
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\0pen___files\!ŞetUp_42716--#PaSꞨKḙy#$$.rar"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2584

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6549758,0x7fef6549768,0x7fef6549778
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1684 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1560 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3836 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1080 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1564 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2312 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3868 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1960 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2004
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f6e7688,0x13f6e7698,0x13f6e76a8
    3⤵
    PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3424 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2348 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3388 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2500 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1144,i,17718994896946901984,11956499050988984939,131072 /prefetch:8
  2⤵
  PID:2484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1162b6982357c3a5_0

Filesize
19KB

MD5
0baf6f3a2dfe3edffb802f8d044570be

SHA1
2be6db2679d1b002390634d3338723ad88dcc68f

SHA256
6915f78edb2e8953a114bc4038a3ae779404b71590184fbd0c298c47925a3d9a

SHA512
6629b69497ee658f8301410157e11152e1dd580315d4304aff1eb2246263e30f0c59596390c4070823ce64969a4d32f4f4eed272d0e2dbe0739bbc10bf145dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\741ab7eb83d31ebd_0

Filesize
339KB

MD5
37e8a9aecf905f92dcfe4a438a8c96bf

SHA1
2e53cc45c03d53d88caf2ef9cd6bf88ea99745e0

SHA256
15fb4784cebefeb381df77b991d32c178c367d42d58e2f69205e3292569c3b0f

SHA512
02833c1552ded6736c0ad6a3c03c53902891608049c616092a36c1765f81e43f8af7ac4730edefb4aec2ed5ba30f13646049c1635b6d49674163d9685b24123a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\78ab860c2c61b8d8_0

Filesize
280B

MD5
5e1446a3203fa8d1c587bb1c56f8528a

SHA1
a56ef445398d17bf8f3047135b3954b7b671ef1c

SHA256
665ca66bbf01dc461101b89839fa0af6c608e8b7c0fa4d32932c7c0ca8c46a3c

SHA512
17bcf1c8304eb2c3767024f5ebfd1f03421ae837322ec1f922dfe4f20322d10875a121297d5b74d845985609130f94d7995b4242004a94a39907a451a0093652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
11cdfe0bf8b2ca370ee6630548b02b44

SHA1
a607241ac05102f0c76224baf2bd92f48f6f7360

SHA256
31b7715b05233330c3273b04efd2703f2bd2909c05d5c5901d3c83780c5d0d99

SHA512
695a50e5535fcc2902a55d139d64044e3393a4f2c866e776a7ee82c6573abca70d6eebd9fc169f76ea07e423d3691aae77e63c22685eee1ffc2c05cb5eb5a349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
aeef8d27bc2dd2fb48e74e0956573cab

SHA1
369bb206a8a154203bb7818b02aa32f227fe20a6

SHA256
dd3b6f0513ab072e64885e3461a48f3265f6740a08bc41fc24ce08afe78088c3

SHA512
de4066f6abda1a175c9cc477cf30d2851feff17706080bbbbfe20b5984f0d652dbfe0546e6d885ee1e06effd0facbef66129c1f3946fe1648a411c9a598d8235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ee7f6c6d88656c82fcb0ccb82e0850c3

SHA1
27620d3f3615888ef37dad837ccf52d41486c7d0

SHA256
93414a8bbc8e133cdf0ee23ce4308d2deaa36954cffea3d8124b3bfdb9ef9125

SHA512
7883a8c1d0f0d26eee51ac3187b617c40384574b3cf9a2cfb9b218cb8a49ea1060ec258cf7f07a8c1b58ff055327e554d8bd95a8823b8411b8781862adcbd17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_developers.google.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8a26f12be6a643ade409c4e0b324f9ec

SHA1
f651b8f6b2de24da3fac3aa081dde4d46aed2700

SHA256
5f8e80af0c1eed22e6e1192334d1c150bc1aa93fde27efc96de9b1d94d7f1fa4

SHA512
151546a6558fa29871584c2e6a00428d48cce22797830c5a292d4dd83946b457afa381bf7de934256a6aae3a793a2d76aeb29b3fec2f1a74e1c3756e574a460c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ea0159b08c8ca7c1fd5d6e7271c101df

SHA1
23508145f8cfd9898f8cbb08f36cee6ab2bd5222

SHA256
2f3130ac1b658f3a9d43337e22ea13acb92bf9a5e4e55c3dd2ff2f3154dc60bf

SHA512
3fbf5c80eff3f1c525305d93205852575007319630ed4f8fa8acebd477976a930f44bc3b981fb58e279307b28ef445ce55045331a8ebb741c1e1c75cdf88e3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
edb7456f083d81c4a4c91ffdfee8658d

SHA1
7ba774a4de816f577d51c66f6124d73094c3923f

SHA256
371c63db2b6b18f4bf2447bba8e4735d6a3d0c254cf224e1f29bc653bcb7f69b

SHA512
5f1c8f706f15b8e8a275861d5b581f0c55d78ef8663912a7b96a7a3bde8a6823f819b273624cd8da80bebcacf4495de3174518178177a88bcd3bda2eb7dddbdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
28118b1c0c54f476cbb1caf1094a8d37

SHA1
53e40b3a387a3c2569bbb84a08fc439d1cdb7d70

SHA256
e75ec7db8666a083ad489d6e561f9302c609d8c99c0b834098f5f571d34a2fa6

SHA512
3692f7f120d7d7f19204f38209d2775a2d2eaf004bd989add47069fedfa489ff471f08711eae92aca897805f513f1579cf06f45a5b673d9f81de343aad6e5fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83d921800a67bb2ceff86463c6e41994

SHA1
28724876e203db877fbda64a4906144ad690949b

SHA256
da1d18c0b05be8da66f171e24d4b35732a7086894ecae0cbe3796b7c824a03c3

SHA512
99a8656ce4a8fca8c816c78f9bc7c6b3fb7edf6b0c4dccb12537f7442d0919fd9b9d37e9ce812ceaf857cd467a3b4b4928c9237fc72aa25235b4b0f61adba4c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
30bedf566e64ac1d11f09cdcc4ce3878

SHA1
c6ced3568b99892c45bdae443699fbe699b90b80

SHA256
37dc71bb577085f5775d1d8e7237e6551b77c3f1f3aebbb614f29129ff06b9f3

SHA512
63392ca78a93fac5acb7040fae292bd0f13e7633ea166392c554f1eab5648845b746cd3ec2e3e4beaac5d3e744a7b7f51f9a44ca2a122509f13b11cfaba930ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1925e02f9351a0b68fc275295e38b2ab

SHA1
5f96575d876309f569d3dab7ac9bfb183cc75d77

SHA256
ed455ce1cb57b1e5aecc9aca5ca19da9861dd1aa981c04bd6a1624a1be96652b

SHA512
314bf1d2ce9d20ee62298d38d98d1a7354c79c72c04b3e0f95d2e852b8b7912358b2a2c2e14e8aa9075f07f6268bb06a5da4e520194f203c979aeb5dbd27bad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
25bea71ca65faefa99808c13713819d9

SHA1
30cabeaa50a3ce0f6b5123f1eb86217f847c42d3

SHA256
472d591a3286cea650b98295d2385f438c3270d0fd8a8e94d7cb294a460748d7

SHA512
76f7f92cdb7ae1662335dee19e82071ca47a26d5b541f6a588bc761f368ffc1a3eaf986471a96d87f8784fb7f343467fe176ac02c8e2405de363533e77505dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2d309aaa9c741fa3871f5a29b6165a0

SHA1
9dc18d51c99691e848b973593480466dafda401a

SHA256
597dee13a3904e98d12d8ab2ad0d544798021a12a53e5f0a1af00a5419f8ffe8

SHA512
9cc84281cd027c7c7813e168e531d2cbf2e53347479fc1772482c1d041b840bc5221d08e70870562d70792c3eecd62b6acb3c0265fb36453a7fcf12be85dfc04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
401988ee2ae7d6558f4323c463225652

SHA1
c3f906c36e6a114dc5f89fbee61fb54a809bd4a8

SHA256
0b4f96c88a66e47821b7cacc5fb68f7163fd1f00edace9eb19938a03fb33c11a

SHA512
7f2f13d5e6cfe852027d76d3633b9105c63ef0e9a3a450083cbdd6a0c97e334782df3f0e6d2b62ff48b1add5691bd110e44530528a2e9eeb39f771633b8b2608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4320cefcb8c4e12a4d0ee5f5e37c75ce

SHA1
3ec713f206980207b0e2838aa0b8db5884280ec9

SHA256
5b309a2a8206e0027b6bcae05c8b165b672a4481b4b16a06784bfdaa7f35f2b0

SHA512
6a07cbd50c61f5827225c35ec7807fad6a798ce38f77fb6ee75d5f1f6092a86ebc88d6bfbf58d8c505b91bacfe8a551f0e524eac19abbaf8a4618e57ee5541bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ab82578150e6b2dfb943f1e70f7ee4bc

SHA1
acbace546f97ae0f538eba4ffe3746f0e4ea985c

SHA256
e9bf4375846d7670b9670dd0d2b7ca94fd8795e895041045bcbc060f42511380

SHA512
64253f7e79a4cd092f8c1e7f82213bc025e3f037b0aa67fb35ba53203e61b9a6705119838c339d28f29b1e3d55f3fb499df3e3a07ab8b9a2302f09de58da374a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf7a386f.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
307KB

MD5
47d9266226f7bf5e58a3e47085c2a0b9

SHA1
8d46eb5e82223f133990248a9ea830caebb6496e

SHA256
30f2072576ffa845a43c2ebcb6ae3c2afab11be90f20d97ecee21493b2941ee1

SHA512
dbf1480e3ccb1b2706271e76a5d23b0f1812bc21f0e2ca6fbd796a9a65980cbce89ff925dde45799c95b6c9b33be69f16b78275f5990123faf626f02cb28a6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
4ba2b324f98011f25622a2b7a41d2d99

SHA1
0a11a5b8cc512f58a322c83e56a33725e97cdccb

SHA256
78d2b4dc457b9d018032c4d2eee5021ab1a2065b16e328802c2ab0c527837c26

SHA512
032a627d81b347e717537972d7d3002f9f1ed1a01ea1aa5d08e786a8bd4fa282503022b55b4ad9c5982851284a9f41b5fbbe487cf71da3c1b90c18501f8f9e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
e87984015df9e2939cf6f0bf167b8748

SHA1
3d88e4f10584eb66d463ae2035f0a4bb9eb54f59

SHA256
25cf98fadabbcb928c28921505be82c099c2bd6aa372da035a28dcfe7c26bf1f

SHA512
f9958ca55961a56ab0e3410d049ae3b119db43cccbf3316087bb3931d4688fe54f293a440a8c4e543ca949e5b21f0ff34e0655c20d3525958abe12545491ff3a

Download Submit
memory/2584-42-0x000007FEF7BB0000-0x000007FEF7BE4000-memory.dmp

Filesize
208KB

Download
memory/2584-44-0x000007FEF49D0000-0x000007FEF5A80000-memory.dmp

Filesize
16.7MB

Download
memory/2584-43-0x000007FEF5C50000-0x000007FEF5F06000-memory.dmp

Filesize
2.7MB

Download
memory/2584-41-0x000000013FD80000-0x000000013FE78000-memory.dmp

Filesize
992KB

Download