1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f

Analysis

max time kernel
50s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibranceGUI.exe
Size

776KB
MD5

6cc583a1f3f4500a524b61255f1d2710
SHA1

7c1a236e291746b781aef5dafbcdefa648f36357
SHA256

1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f
SHA512

7fe177862b1aebbbe32de1aace56cba69d35667a0d337847984380f039fed7c61cda60c2e6c02e6214d4178f715e808089f5a6b4396d94dd87d01a97a88ec8d0
SSDEEP

6144:LPaQf/VaGtX5RlJxeR2CoDnpYRkIE3IRv7I1:LPrHVaGtXV6RToNYRkh4t4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vibranceGUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B2764F1-53FB-11EF-9629-7667FF076EE4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2244	iexplore.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2244	iexplore.exe
2244	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2244	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2244	2948	vibranceGUI.exe	30
PID 2948 wrote to memory of 2244	2948	vibranceGUI.exe	30
PID 2948 wrote to memory of 2244	2948	vibranceGUI.exe	30
PID 2948 wrote to memory of 2244	2948	vibranceGUI.exe	30
PID 2244 wrote to memory of 2620	2244	iexplore.exe	31
PID 2244 wrote to memory of 2620	2244	iexplore.exe	31
PID 2244 wrote to memory of 2620	2244	iexplore.exe	31
PID 2244 wrote to memory of 2620	2244	iexplore.exe	31
PID 2060 wrote to memory of 2900	2060	chrome.exe	34
PID 2060 wrote to memory of 2900	2060	chrome.exe	34
PID 2060 wrote to memory of 2900	2060	chrome.exe	34
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2328	2060	chrome.exe	36
PID 2060 wrote to memory of 2536	2060	chrome.exe	37
PID 2060 wrote to memory of 2536	2060	chrome.exe	37
PID 2060 wrote to memory of 2536	2060	chrome.exe	37
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38
PID 2060 wrote to memory of 1696	2060	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe
"C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://twitter.com/juvlarN
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef75e9758,0x7fef75e9768,0x7fef75e9778
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3236 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1280 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3804 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3732 --field-trial-handle=1000,i,12921724173375116130,8089097638969862621,131072 /prefetch:8
  2⤵
  PID:3028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b8fc43437f2870319a601cbc035f23e

SHA1
1cb950aa77271edf5be85f53d26df8d81ff10fa5

SHA256
9f1f3e1770ee5faff39173cc881790c571b22ed12c225a8b1ace18e6124a5774

SHA512
ab37276a9bc48778bd1716d9cfc2b71a2fa14c73278d138e4c94c37bd54582dc882fe2636ec0c18bbf4b3bf340a8db86e1319b1d71e2d034acd1653424a4b79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29e0fecb534839d858323a2f4aa1ba64

SHA1
d182ea006706ef12f4a01fc08105f4973f9f2db3

SHA256
f6968b3de8504016e3ee1badc8eadc9a987519e539f8f6a7d6a045bd9cca164c

SHA512
13e10abb61e74d864c8c554c62c8529a8eed6c2d10f39f364a3de52277c75dc66bc250c2351fac338e686daccb009dedba4303e5f053475c19662eb1411f0248

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae4161af2fed74f439c801609a1bf95a

SHA1
2285760fda2bb170c00521a8b97815a09d55241e

SHA256
cf72eff60a6731d104ce3ddeea7848b5d361b762703b319803048a58ca88dfee

SHA512
651dc0aca249e002ecef9cac4e96c3a1fc9ccf65cf6c2af69a58057c33ee74ea2121dbe219fbecaf3d6cd6873df2c3cce12c0ec3c12848f7fe5e8175c69da1b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f59606ff5c255e183d1251c9ad507fae

SHA1
b76e92e36f7355e837cef11edd0ebdf41b7aff80

SHA256
a09dab8ccbda1523d621b5c7a45f2370111f8dd23eb6eabeb93713627f7fdc78

SHA512
ba92b269e54cd574048dfa3a0afd0609b222305b2869ddb948e80da5643691c25ecef3fc1b3a6b5cc1713fb0aa6993d1dd211e662c98328a006fd1a5ddf72155

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d95ec9f19af0742b8223350a7e5ac61

SHA1
03df5570008840f9daf5f2742bbb1f19b4ae5203

SHA256
905a56d9972a54499883ce4b2b4f6be8b610fcb9229defec547a373441083a94

SHA512
b67ec6363b2319cae66deaa9176fbf7154b9aa731202826ac8a0f4868a7de2dd361f311f7a287951521d2bbe9ff44f27d84218f69b044be745d4c215c8aa9355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54144acdb7d96398099099737d2b4dcb

SHA1
2e29a430b7d3dab183a0f10f3109d758f50dfce6

SHA256
4aab8d4e848577f57b737d6cd15bd835b48c2bfaa73f166aeefa0d62c7932a04

SHA512
38a24cee1bdf4af3388e91e946d31c81613f30cd37fc73bf09f13275c92c4fb6d4964510aa47b3629866ed3197fb57a1417e32e42c8e9addfb7a2ca1a30f9fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca86da9112b334625ccb25842d16792e

SHA1
4e1bfc0b8e64127c0df10e052caafe4772461664

SHA256
c1ba37a706cedd241485d8dc2bc223908a71ea233d3081409e5be84ac123a615

SHA512
b00903305b39442ee167562ede960f54110021378baef32f48705387b0cebbe533bb0ed97bab624a03863b61fec146738b3b9dfaeeeb8c21ebabbc2fbf7d8bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
181a711fa5c30a8dbd9b3e8632a2bfeb

SHA1
0a04b36e042a0a1ebff42aab832ceb248dc529c0

SHA256
f2a9a50f168eb015c0722eb5be0d63fae44187f62f2fc5c16c4549aa6ed3441c

SHA512
57bc1b6c484d0a467faba0e3b11237888111c64b63d6aa1170f5fdaa0f86ba4a16ee061def13e843eb605b96793d6ece75f9cbeb160b1b80bae3926dd67309aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0e6c086fa2d9984b75b0a4fa191f731a

SHA1
542b08c2375cfd5b8e88f17dd76a1d65043ef050

SHA256
4413dc66a7214431b220d4c2dc603e35f559d58d63aaed08d243ef89e86bebbc

SHA512
2413a93b23b4529eb580a428dc97a2053d306c97b92042309cf35ffa3800da04931c6bb57ece191121094eb5f8d1ad5518b6b315d18c212530783d51c93c9ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
202KB

MD5
0d7583efd942684b51e0312d1247a986

SHA1
c263e1c0dd020f42e36a265f7c314782eccd4149

SHA256
008fbd563d2df07a86b645b79a817e2a2d4635462233521339a7f9194a174571

SHA512
013df57dc73c387fb48ef9a2846e1cef13b212ed885a9ff892f91037c5b8e77c7ee4fcb49cff209233b348440aeecf2f8ab9cfa70fc0ecdb71ce5e9787f4872e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
97f6b1b6ee2c9d953e4c334af419ddeb

SHA1
e79ab56bebc8a9e14e71cead78ad32bef22dcba5

SHA256
a004ea513781402ee9bbe741468d96c19c5613d628d1afc43ed8c66f7da2ba72

SHA512
b997abe3031266ea4c15f08061a7feeaa3e921c0b2e3cedd4593f8b6303a0b6ae136361ab19bf0fb7dd32b36fc8fd92042f5545fdd4b9b585340cd45c754fe0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4d7dbcc6f64645b5c5e754a5dc6b1191

SHA1
b3f16f264ea73de643f85f827aea2341e61113ed

SHA256
0ef86b545dfd467b6c23aa069a9cc55f5a2fc2fa7f8985bd4ba8b10b32f3a640

SHA512
1d61fbd9fba35a82e87f581d1b69c7b825a959e701c8cb116ff1a50852af1affd6428099e5d951490b83dedda2c140bcc30087aba98985ce0954ccc84d09ed37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
18e49f883f9cece6a5a1b6b28f651ee0

SHA1
a87bc670af915b1401eb1abdea85b6d2888de60a

SHA256
f38ce191ff8c8bf17950a88b64b48af7811dcfae16719d8a31ebbb79846a971f

SHA512
045c2d8bf3ed28f8e4c180f98740c1431e0cd8fd1c3593039e91eb1ab1118a1d22c6856645f3759c55a16c086dd6295bfa72b67a5dd10bf24d57a3cf34ed1895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
e870f262203ce402efc772137c78a8c5

SHA1
f57c82f8ecd586b5974ede80ac5c135b41b5f8f0

SHA256
865a54ef7239f629ae89cc5ba99d29f022573adbb12257f8be5a49d52c04ec83

SHA512
0364325b2f32e046d7d7d3ed7b6c8d461b5c706d1dcb0a79f808e97e98124e8664c0a803a271eb8eeb962bcc90af1e0174c4f24aac4475015503c3005f39f14a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab40CA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar41E5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2948-0-0x0000000073D5E000-0x0000000073D5F000-memory.dmp

Filesize
4KB

Download
memory/2948-1-0x0000000000F90000-0x0000000001058000-memory.dmp

Filesize
800KB

Download