75394720eeac13ec96807bcd1b2f71da6eda1ef8976a2ecb1bf715acb4701f85

Analysis

max time kernel
916s
max time network
858s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28-07-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dist.rar
Size

37.4MB
MD5

8a8a9030d173404c2a53af079f2b71df
SHA1

d571676f253e9d699fe44049b4b3722b31b129bf
SHA256

75394720eeac13ec96807bcd1b2f71da6eda1ef8976a2ecb1bf715acb4701f85
SHA512

704e7988d3b0bf9155246e19d6654fa40f3e184d917532958678365d763146ea3c52f302d5e3518bb0eab2bce54e0c591d1dcfca11a800ec1158dbc173b2499e
SSDEEP

786432:P9ZQFyhDHLq8tuFiQSVKOFIoZToF7pre6LJQOsdfBJLf2btHjndof0V9:Pg8hDHbtu8QsIrVNemwdfBdf2ZO0T

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 22 IoCs

Processes:

rundll32.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8800310000000000e458478c110050524f4752417e310000700008000400efbeee3a851ae458478c2a0000003c000000000001000000000000000000460000000000500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_Classes\Local Settings	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

2964 chrome.exe
2964 chrome.exe
2964 chrome.exe
2964 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

2740 rundll32.exe

pid	process
2740	rundll32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

rundll32.exe

pid process

2740 rundll32.exe
2740 rundll32.exe
2740 rundll32.exe

pid	process
2740	rundll32.exe
2740	rundll32.exe
2740	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 2280 wrote to memory of 2740	2280	cmd.exe	rundll32.exe
PID 2280 wrote to memory of 2740	2280	cmd.exe	rundll32.exe
PID 2280 wrote to memory of 2740	2280	cmd.exe	rundll32.exe
PID 2964 wrote to memory of 2708	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 2708	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 2708	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1152	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1560	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1560	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1560	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 852	2964	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dist.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2280

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dist.rar
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5cb9758,0x7fef5cb9768,0x7fef5cb9778
2⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:2
2⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:8
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:8
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:1
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2160 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:1
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:2
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:1
2⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:8
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3708 --field-trial-handle=1336,i,10197844747580927102,2436277196140554400,131072 /prefetch:1
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\93b2fc63-b9fe-464d-afa5-59e7b0e78ef9.tmp

Filesize
312KB

MD5
b32b70764b52d7e62843aefc9034a6ca

SHA1
9e0b23fc0e0c8edada78cab3e78642df2ec4ef65

SHA256
714dbde16bcda749d2f71e07668c7fe0748621e9712acd4c2ffc7a19d20823ae

SHA512
ee7fac25e1c95a391af06b66a9cbadbec689c20012b2b56ca53d21fcf7c816566e837c735b9d16c9c3ba96cbde7f1e6d081b8c4f93b230bfa0ba852b9bc445d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
55KB

MD5
4adccf70587477c74e2fcd636e4ec895

SHA1
af63034901c98e2d93faa7737f9c8f52e302d88b

SHA256
0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

SHA512
d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4e61b67434ef8b0a_0

Filesize
343KB

MD5
bff362ed57ef350df0a955bfe3bae634

SHA1
5c5f38c9b8c491ada359a9c7f709931960856c46

SHA256
699e6e29a0d6b261bef66aa9edfdba406c3b7a6f123172b458aaa7a7caa51429

SHA512
6873da6e94912aad30f64eba07b68f62fb57afe41355ce5c8214dc6ee863172384581c7c1434d09aaacc0944f3bcb638476366b1361cbcc347800b533fc2a820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d57eb0f0f5e6dc4_0

Filesize
19KB

MD5
8d677277f9888fdce6cbbb661889ad08

SHA1
624c999ee11c07979f32a6e997616f43a121584a

SHA256
8a9818a8c0ce5503e10b5bf703d368ca0a06fc1572d23cf03264a0698a9b47be

SHA512
35b43ed43088475c09f85cdca60c924eff5ca12ecdef5cca9164ed684312bb375e520066138dcb9957f3923682dd8929315150701f616d938077e97eb71c7a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aedf9fa31147a4fc_0

Filesize
280B

MD5
66c21175357cc55d931f0975fef532e3

SHA1
a0bca32fad357b7fee19b182f296270bc17a840c

SHA256
5fee046129d1b1673cadf1c388ac0b622a93c6ec8da1c010a57ce5e7613c9125

SHA512
446dac430c1f306dcc2bc1bf4016f1fa2a6741f0ec42ea39727d4cf5a2912552d6977243167670a77f569ace089b7e1865b000f797ba2b1cb0a8a1ea4e117805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd161cdb009ae2f3_0

Filesize
289B

MD5
1b82b0bd60a5e45aa83d5146a73d4fc5

SHA1
a3baec473083afeac79625c2e09ab2e80f9de3a3

SHA256
71370d06fab542f1c28faafc1839245e46f115bc671dd0deb1c3724c5849c2c0

SHA512
1f28e70c13c1fe1eb6e30c75f30bc796c1b004023fe8963b5b6d44decc1a72309c5c9aa95ea5faf83e07a3e48fc712c9be2d0e8df0d3fd220242adbff763364f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3b0e62507e55ae4cafc9b951d0680d20

SHA1
05e1cd7aecb969b447854a5f05e12b191835c6b4

SHA256
9966e7a6dda1a76f4ad53afcfcc2ca1b0ee3ddadbc7841d2745b4745b51508f8

SHA512
5d6a9d6d72f3fb49a8db958bfaa89005d29f42194945998c96bb4c29ae0a05aac5647d5413cb391f1df6dbc098fae53a701762b91d743cb035b37e2a8f63b818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8253c25ee60b6fcfa01dc1dfd235c9ec

SHA1
7d29a84aabf9cba66e1d41b0b931f6ce16573f79

SHA256
80e7b750caad7f2326fd0cfdeda9983e5f3a2d0b0b45052b7dc99c6b88d75754

SHA512
e38c7b9873e79af1f05cf00bdaebcaabb06e17e3296de23d236e8a77eb730c08b7a3fc9f063655feff21f06a028667a1212247b635d81a5cfb9e32bdd076f01d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c60af9d1bb671860bb2685a848bfe50d

SHA1
0b5e08917718869dd17cdae37f4fba0e0b16cb7b

SHA256
c08b3f4dc1be86731e36dac9112bff2ac122b836fab570cb81177a55011061bd

SHA512
68f2fae038cd9e7da7da05b535c7e126afbb222c13c505dbb77ce7d59463a047229fc452c2353800e4d3e3897216d54e9a5181b283bddcfa514319f3066f7b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3acdf6361b4e710e06f772929134e34b

SHA1
8231c6c525ba042e84df195cc882bdce7d5d3d87

SHA256
55535e412e81f8f7c4a10c0773de41e1f7a868ec3690c3bc84dab2845ca0ec2d

SHA512
6d9cbe9415a2779bbed983ba1674e1cf9436e79427dc0a71f7e48f29c914ce6854ebe4b87521c0b2e71af6ab1dce29aac44263a29974cfb54a7debfeb70dbecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b46f03665e1ed4b621bce4032a1365cc

SHA1
51fa4af523f77ddac905fdfaff34572700879cde

SHA256
d29c66b0493182af778e703b1eaa24e8122ddac7abfbae72921f6d6939c4805c

SHA512
d6c74b3b3d29b6199e0d6dd7afe13adbfe3b565fedc5ccf0d97a7ef3b8aca2892f1e81ef61df688e35dbb962eba989ca2a53b0c6e14f6f5315d867e3b513c17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3a4163cc134e76509462e28f3dd3604b

SHA1
81c258d509d292c3f40a7737768a8b2acfeaa561

SHA256
ba014dfc13a8fc61402d1366f439079cf5ab570a025a5677034a21a09e457fd4

SHA512
a510ade63fa92280ac21cfe5d01a17d7646d219ad4f2bed9165cce014773612b3baabafec0df03b11b816fac998f5366ec027dd4558cdc01ebb9475549bd9347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ce48881c94b15c677b382c064a5bf7b5

SHA1
75c48fcbccb4157720e34ce6f51953d30012bb14

SHA256
832beed07ca3898384b147519cc4ba9905fc90d84379a815b2a30c5ce6eb6c72

SHA512
a3cc255b1d058ca54474b0b05d3ffa795eb0e90b36ae5f6b432bcd5aa21f3947eb32daa879be4cf9dec4b2f36ef5cc29916b9434e4c57b97fca092ddef1bb03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a997a3a9339177ca89853a15fcd2b852

SHA1
e23b90e8407711cf8cc50bef9724adeab075ed3a

SHA256
8616c54148ba1976fb5c06f06471967bfb96b3bdf71da31fc044148b47fa352c

SHA512
a22bd8f60283642badb520ce578015dfd226934ec04bf211a1a724f5874901e057147b46d22337f1b5c678ac066ae31762b09609bcef49b43767fc0b6ed1752c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
22c24471ede9b14d0fb4aaa13941a952

SHA1
f23e0cab459833977585f15972bd7959b34b3b1d

SHA256
fb08acecabd197e4714fa9621095580dad508c97f47a1bfbea21e87964dcdcf7

SHA512
cdce98beb44f14861e55590f8bccd5ae955804463bdd703626991065b9a4a3bdf87959ca0b50dd1e4fd7204b17fa027212508bc6b37197ad4fa01e72d3403e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
209936b1009d1d83f3c2b2888775b4ce

SHA1
d7f48ea252d81502d3070801428275dda7a395f7

SHA256
283e4eef48870ebd411639ef5898324c664cb1fb21a1db0ccb5b73ccdc510b90

SHA512
57b3c7f078128053a2554d3644ee56fb3e4f11af0cd790f9c6464038c898d597161fcb717e6e9467f12c99eb50e72ee4b4b92f7661943a88b8e4c6fc84829e2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7ad1f8acf6c149691bdf2afffce9566c

SHA1
687f3916a63786ff273e4e2c28701f0516bf5cbf

SHA256
e9aa8bf7fc0cf48abdce35b105870a8a4d9c3ec11a3b4edcab16519d5d9829e9

SHA512
ad1f93c643ced5c8bf49fa98b43b2fcf0f2f54e95ad026ef2ac2666e5f35cd8d14da88ec727d46767e1aa94c8f0205be592be3da0d5ffa5e29859b6d6c3c6b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b48e401d21d29c88673b3aadc49c0c2f

SHA1
16225acf9ef3ea6df4538f629817e7269d8c52a0

SHA256
325dc9d614becaedcfff23b4793157732bddd265674890fd49884f924ee5b299

SHA512
123d078fb27676d0e8417673aa2e58273179000ddccb47c6465b7e2800ff65de591f3e503fbdc54af6f25581ef5a5ae600aee55ed7c8d1de601c6988c72ff36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c8daaa7a869d3c8f1a1abec294381b59

SHA1
ebe9dcc997c257e6e26b37695c1c091e771f5d7f

SHA256
88c04c2a4ccf49ca249d12d0f02b918855aeabc81413bba1b7d0387882451676

SHA512
f9956480d7031ef0d8d289b2a7904dc340582887c5399d08ade4ba2c97cf638c94e1df3610f4877351ec733c9b9adbb233887b37b3bb070043b4ec655f3921de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c35c7939-afc6-4703-bf4f-d4d6d8279986.tmp

Filesize
5KB

MD5
5d550fab1c630b424aab8e2a24923d8a

SHA1
61220b18aa588b197b895014942e966fe0e3101f

SHA256
b594d14f18f9dc6bb2935f862e1c4f78cb9639b0e522aab2141c2ea06dd3d97a

SHA512
2173cfd9435596e1b1e3d4b627d59a3f9d93c51576c0ced75061808876ee0dfef028fb56f0b432442e4420ee31a23aa537f349127898af91ca220317c0cf15cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
312KB

MD5
367dbe30020b914cf90dffdc6809d760

SHA1
3b556e4f008ec5044eee835989d17927082b604c

SHA256
c43a5032cc986a0c98e68a9e89bf7d97a98cc35e99aaa4da36314624e94b03cd

SHA512
295aaaa96db7dae72e5dc9db9ce73c59b5756031089914f40255535206daf43bd07e1638d3b6066131d47916a62d7a1af70f93d7c35c71bc7cc5a4f3aab4dea8

Download Submit
\??\pipe\crashpad_2964_HTWHROMYYWUIWMPB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2740-24-0x00000000037E0000-0x00000000037F0000-memory.dmp

Filesize
64KB

Download