Analysis
- max time kernel: 177s
- max time network: 490s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 14-09-2024 13:40
- Static task: static1
- Behavioral task: behavioral1 (Sample: e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe; Resource: win7-20240903-en)
- Behavioral task: behavioral2 (Sample: e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe; Resource: win10v2004-20240802-en)
General
- Target: e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
- Size: 345KB
- MD5: e049bf2e95cfd9354cd04da57dc33e0d
- SHA1: e5b896193a4bcfd10723dd914e2f19fd693df9b3
- SHA256: 2122beff06c9c868008da7f8d5659f4866b5696a809abf8c48b231db6e6a690f
- SHA512: f01d1c90cd261c21a7536cc907e9bf3d0a6e3b45f6f60cc18da9350f687116d404161c1d5ead05bcad30da8b2f0c94fc3068389db6820be16a06fbf8cad10dcd
- SSDEEP: 6144:011QE6KflZF3TcH76K9Wwj1JJUkOOeaGO+/5cX52J2w:sFrITWwBJJfOOfGB/Q2Jr
Malware Config
Signatures
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging plus theft of browser and mail-client credentials); its early versions were written in Visual Basic .NET.
-
AgentTesla payload 4 IoCs
resource | yara_rule
- behavioral1/memory/2508-96-0x0000000000400000-0x000000000044B000-memory.dmp | family_agenttesla
- behavioral1/memory/2508-98-0x0000000000400000-0x000000000044B000-memory.dmp | family_agenttesla
- behavioral1/memory/2508-100-0x0000000002000000-0x000000000203C000-memory.dmp | family_agenttesla
- behavioral1/memory/2508-111-0x0000000000400000-0x000000000044B000-memory.dmp | family_agenttesla
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious access to, or copying of, a web browser's credential store.
-
Loads dropped DLL 2 IoCs
pid | Process
- 2636 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
- 2636 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data (profiles, account settings, credentials) on disk, and infostealers often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials, cookies and form history.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
description | ioc | Process
- Key opened | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
- Key opened | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
- Key opened | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
-
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
- PID 2636 set thread context of 2508 | 2636 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe | 43
procid_target is the sandbox's internal index of the target process, not a PID. The target, PID 2508, is a second instance of the same executable spawned by 2636 (see the process tree below), and 2636 also triggers MapViewOfSection: this is the process-hollowing (RunPE) pattern, and the AgentTesla YARA matches above are all in 2508's memory.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of the victim in order to infer the geographical location of the host (commonly used to skip execution in particular regions).
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
All three entries come from chrome.exe (PID 2784), not from the sample.
-
Suspicious behavior: EnumeratesProcesses 11 IoCs
pid | Process
- 2784 | chrome.exe (5 entries)
- 2636 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe (4 entries)
- 2508 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe (2 entries)
-
Suspicious behavior: MapViewOfSection 1 IoCs
pid | Process
- 2636 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
- Token: SeShutdownPrivilege | 2784 | chrome.exe (63 entries)
- Token: SeDebugPrivilege | 2508 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe (1 entry)
Only the hollowed child (PID 2508) enables SeDebugPrivilege; the chrome.exe entries are the browser's normal SeShutdownPrivilege adjustments.
-
Suspicious use of FindShellTrayWindow 34 IoCs
pid | Process
- 2784 | chrome.exe (34 entries)
-
Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
- 2784 | chrome.exe (32 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
The 64 entries are repeats of four parent-to-child pairs, all from the Chrome browser process writing into its own helper processes:
- PID 2784 wrote to memory of 2724 | 2784 | chrome.exe | 32 (repeated)
- PID 2784 wrote to memory of 1864 | 2784 | chrome.exe | 34 (repeated)
- PID 2784 wrote to memory of 1436 | 2784 | chrome.exe | 35 (repeated)
- PID 2784 wrote to memory of 2956 | 2784 | chrome.exe | 36 (repeated)
-
outlook_office_path 1 IoCs
description | ioc | Process
- Key opened | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
-
outlook_win_path 1 IoCs
description | ioc | Process
- Key opened | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe
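The injection chain and registry reads in the signatures above, reassembled as an added example in Python. This is the editor's illustration, not code from the sandbox vendor or from the sample. It takes sandbox-style event records, constructed here to mirror the IoC tables (PIDs 2636/2508/2784, the SetThreadContext and MapViewOfSection calls, the SeDebugPrivilege adjustment and the Outlook and NLS registry keys), normalises the user SID out of the key paths so that one rule matches any user, and only reports a parent/child pair as hollowing when SetThreadContext accompanies the memory write, because Chrome writes into every helper it spawns without being malicious. The record format, field names and rule names are this example's assumptions; the target PID on the MapViewOfSection record is also assumed, since the report lists only the calling process.

```python
"""Added example (not part of the sandbox report): rebuild the hollowing
and credential-access finding from constructed sandbox-style events."""
import re
from collections import defaultdict

SAMPLE_IMG = r"C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe"
CHROME_IMG = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
HKU_USER = r"\REGISTRY\USER" + "\\" + "S-1-5-21-1846800975-3917212583-2893086201-1000"

# Constructed events shaped after the report's IoC tables (assumed format).
EVENTS = [
    {"pid": 2636, "image": SAMPLE_IMG, "event": "process_create", "child": 2508, "child_image": SAMPLE_IMG},
    {"pid": 2636, "image": SAMPLE_IMG, "event": "set_thread_context", "target": 2508},
    {"pid": 2636, "image": SAMPLE_IMG, "event": "map_view_of_section", "target": 2508},  # target assumed
    {"pid": 2636, "image": SAMPLE_IMG, "event": "reg_open",
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"pid": 2508, "image": SAMPLE_IMG, "event": "adjust_privilege", "privilege": "SeDebugPrivilege"},
    {"pid": 2508, "image": SAMPLE_IMG, "event": "reg_open",
     "key": HKU_USER + r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 2508, "image": SAMPLE_IMG, "event": "reg_open",
     "key": HKU_USER + r"\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    # Chrome also spawns same-image children and writes their memory, but never
    # calls SetThreadContext on them: these records must not be flagged.
    {"pid": 2784, "image": CHROME_IMG, "event": "process_create", "child": 2724, "child_image": CHROME_IMG},
    {"pid": 2784, "image": CHROME_IMG, "event": "write_process_memory", "target": 2724},
    {"pid": 2784, "image": CHROME_IMG, "event": "adjust_privilege", "privilege": "SeShutdownPrivilege"},
    {"pid": 2784, "image": CHROME_IMG, "event": "reg_open",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"},
]

SID_RE = re.compile(r"S-1-5-\d+(?:-\d+)*")


def normalize_key(key):
    """Native-format key -> hive prefix with the user SID replaced by <SID>,
    so one rule covers every user and both the Office 15.0 and 16.0 paths."""
    key = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", key, flags=re.I)
    key = re.sub(r"^\\REGISTRY\\USER", "HKU", key, flags=re.I)
    return SID_RE.sub("<SID>", key)


# Rule names follow the signature names used in the report; patterns are assumed.
REGISTRY_RULES = {
    "outlook_office_path": re.compile(
        r"^HKU\\<SID>\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I),
    "outlook_win_path": re.compile(
        r"^HKU\\<SID>\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\", re.I),
    "system_language_discovery": re.compile(
        r"^HKLM\\SYSTEM\\ControlSet\d+\\Control\\NLS\\Language$", re.I),
}
CREDENTIAL_RULES = {"outlook_office_path", "outlook_win_path"}
INJECT_WRITES = {"map_view_of_section", "write_process_memory"}


def classify_key(key):
    """Names of every registry rule the (normalised) key path matches."""
    norm = normalize_key(key)
    return [name for name, rx in REGISTRY_RULES.items() if rx.search(norm)]


def find_hollowing(events):
    """(parent, child, same_image) for each child the parent created, wrote
    into and then redirected with SetThreadContext. A memory write alone is
    normal for multi-process applications, so it only counts with the
    thread-context change."""
    created, ctx, wrote = {}, set(), set()
    for ev in events:
        pair = (ev["pid"], ev.get("child", ev.get("target")))
        if ev["event"] == "process_create":
            created[pair] = ev["child_image"].lower() == ev["image"].lower()
        elif ev["event"] == "set_thread_context":
            ctx.add(pair)
        elif ev["event"] in INJECT_WRITES:
            wrote.add(pair)
    return sorted((p, c, created[(p, c)]) for p, c in ctx & wrote if (p, c) in created)


def analyze(events):
    """Per-PID rule hits plus a verdict: malicious when a hollowed process
    reads a mail credential store, suspicious on either signal alone."""
    hits = defaultdict(set)
    for ev in events:
        if ev["event"] == "reg_open":
            hits[ev["pid"]].update(classify_key(ev["key"]))
        elif ev["event"] == "adjust_privilege" and ev["privilege"] == "SeDebugPrivilege":
            hits[ev["pid"]].add("sedebugprivilege")
    hits = {pid: sorted(names) for pid, names in hits.items() if names}
    hollowing = find_hollowing(events)
    injected = {child for _, child, _ in hollowing}
    cred_pids = {pid for pid, names in hits.items() if CREDENTIAL_RULES & set(names)}
    if cred_pids & injected:
        verdict = "malicious"
    elif hollowing or cred_pids:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"hollowing": hollowing, "hits": hits, "verdict": verdict}


if __name__ == "__main__":
    result = analyze(EVENTS)
    for parent, child, same in result["hollowing"]:
        print(f"hollowing: {parent} -> {child} (same image: {same})")
    for pid, names in sorted(result["hits"].items()):
        print(f"pid {pid}: {', '.join(names)}")
    print("verdict:", result["verdict"])
```

Run as a script it prints the 2636 -> 2508 hollowing pair, the per-PID rule hits and the verdict "malicious"; the Chrome records produce no hits. Requiring SetThreadContext rather than WriteProcessMemory alone is the part worth carrying into real detection content, since the report itself shows 64 benign WriteProcessMemory entries from chrome.exe next to one real injection.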
Processes
- PID 2636: "C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe"
  Signatures: Loads dropped DLL; Suspicious use of SetThreadContext; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: MapViewOfSection
  - PID 2508 (child of 2636, same image): "C:\Users\Admin\AppData\Local\Temp\e049bf2e95cfd9354cd04da57dc33e0d_JaffaCakes118.exe"
    Signatures: Accesses Microsoft Outlook profiles; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; outlook_office_path; outlook_win_path
- PID 2784: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2724: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8189758,0x7fef8189768,0x7fef8189778
  - PID 1864: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:2
  - PID 1436: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
  - PID 2956: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
  - PID 484: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 2532: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 408: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:2
  - PID 1872: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2504 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 1684: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
  - PID 1924: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
  - PID 824: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
  - PID 2796: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=716 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 596: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2412 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 1488: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2284 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 1344: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=804 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 3044: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3432 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 2884: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2324 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 2392: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3400 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 2396: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3728 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 1060: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3908 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 2904: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1428 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
  - PID 2292: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2280 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:1
  - PID 1652: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1212,i,13694666092458372354,4882540142183391905,131072 /prefetch:8
- PID 1664: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- PID 1032: C:\Windows\system32\AUDIODG.EXE 0x4f0
Network
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\12e2e44d-8176-4abf-999d-7312e904ab04.dmp
  Filesize: 524KB
  MD5: 6c4da52aaaf2435f45bb504e62785cc9
  SHA1: 3fe003b9febf66e435335779dc6801177c5b6cec
  SHA256: 57bbdf23d58fdb5706f6f65d1a42ac6d1da310729b0e6941556dfde788034ece
  SHA512: a237475cfd8bb60d0704860f273f5e4523c9ee841627c132643c96568b45ab3b39b6c293b10eabde1416520883b3e32c6364abb4abb4effc108e955bfb236d09
- Filesize: 40B
  MD5: ba9989410d716a22402772f7579c497b
  SHA1: e382fd8a875080e0bc8d207a7714f1bb80e49166
  SHA256: 44b5004d498de3043d1f4775bdbeecf54135c83125021a3e68fcded07299936b
  SHA512: bc9b14c99089e450cae307b7439b4624265925eeee20a89bf6dc13a9e6f4a54ab242d095d0549cbffa3cd88ea622eb1ea9d6ad9154a3b75a09448aabae4c1c5b
- Filesize: 212KB
  MD5: 08ec57068db9971e917b9046f90d0e49
  SHA1: 28b80d73a861f88735d89e301fa98f2ae502e94b
  SHA256: 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
  SHA512: b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
- Filesize: 39KB
  MD5: 2dc5559e67a8bc070c55a8250dac20cc
  SHA1: 43e13198bd38c36de3eb0ffce3204cf0ccee0fcc
  SHA256: 94aa6db95be36e718c37572c20dcfda20ae7b9c84c5036f2c53937478f7dac95
  SHA512: 95980061abd9f103a9f3a4ccd489c7b7d9ca4ce16bed43a70341e327aed029c6b7c436a7dc58e8cf8524a58d05f04389f24f55296bc7d75ef685921c70d81472
- Filesize: 168B
  MD5: ccab8fca359ee8afe98adb06d931a5c3
  SHA1: 9c83963d7801540d0b21fe90aea96bfca52deeb8
  SHA256: be438279a9e0603add7aeefb939122fb8d13de1e494a4ffb36c4a6befcdd5cf7
  SHA512: e27caf5f404fead940a8b396f38869ea7538abf5e5dba040610fdd3a49d9d12f98df21ccff2a6ff9bb0cc605e3884f19ea7e19df8ce7f9eebca503d3f677e442
- Filesize: 168B
  MD5: 3f18181df9032f9e3c55916ee85d7c73
  SHA1: 517028752c8a10912f513c3df2bd46b36a88f0d8
  SHA256: cb22e55ed7abc2580a293860794c6936eca8a0c4aae9bc1514e8f3c94de83ad0
  SHA512: 8f7e4c5ba9b6cabdf764555011dfd0d40661de777d8fc09039dca5d4248b4592cebce6a751d5f49f7beff57874c7448190abc0d41092968010f2986527095f06
- Filesize: 168B
  MD5: a7c022ad6e3d9d2828b28cb60e877409
  SHA1: 992083f7db55d08acb5d21bc16b4b864d5a7081a
  SHA256: b34af2d0c3638f09820d303038b611bffbc6f62d1392dd04252713507678ace3
  SHA512: 3691e54a4e1fdde81ffe2c4b38b6e39c8e1d954e1de83d9f372d1364ce9766b151ff4636de5febbc5c57ef3d2182866cf19af5954bec7e8a678b091a18b281af
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 1KB
  MD5: 0a020568f5567af2c39c4b5bc526c683
  SHA1: 040908f8b4da87849feb0737f088cdb1b98a8c5d
  SHA256: fa52530df50f2cf3a007cf602d07994f4d98f238fde6b1cac4ff214edc08277d
  SHA512: 1da30271f30615e0426f2d5fb445d126206307b17c0a7aeaa19728ff5e411f506304185ad042a9334eb7cf37dd1820381ab7dc3c91ee42cb6b909277abb1d368
- Filesize: 2KB
  MD5: 5c901535dd970ff0ecca38dff060d307
  SHA1: f76f964cf0b020bd18dd6ddd81ffd9d4edc7906a
  SHA256: f8b85abbe39f507af0eff00a0ca75252b5c585a11923915106fecc6078ef024b
  SHA512: 9f11ccd2426546cfaa397a3d3c2fe7c288f33f596f843d76515ec505b942dc8ff691c11ce3abd2cc576df47466b1d966c32d5f5210caa50d86206cad8717b5ea
- Filesize: 2KB
  MD5: ccb94eb007134491cd8e1454f4e0d3ed
  SHA1: 8c6b283a24191f7d270c1f094081eadcc9d38a73
  SHA256: 8747c34ce001f6f516c50104b95bb46f8eef64880943461c61eda54dae019f9e
  SHA512: feffc2fad2f6db22ebc925c870a2863a339366ce3e5fed8333c1fd13a7d3f1f5348d514ae00b58b29f88eabd194cf9e030babeb69d25f72ae675b1db0bd56f76
- Filesize: 1KB
  MD5: c04e6f747bec8692d40b37e93307ecfc
  SHA1: 7f92fa862e52db8ddb7e3b5389ec4be97e5af7e1
  SHA256: 6bd152c2396d315a66275df6dded38134269ccf37b3a3c1ed1eb4ef5a919b337
  SHA512: 1793e279ae0bc680b0812c62e4741de5c31a15d56d9eb9fc9bda9529d784973fe036407c83955774c856560be2029a954e157876550f1de45ff719f14b430835
- Filesize: 363B
  MD5: 8751b6e295763f33515b920f38119c4d
  SHA1: f243d309459c04403dc102632b0061b876796c38
  SHA256: bd85d7b4695a91f8c235963d1cd4bb65fde7362fca1b78e17db8474eca2bf3cd
  SHA512: 47204d81b65752f6d76317d5b814efeab711c4cee815e0f986aeddf31e1d9befb87d8488ed80251c0c150e4385e582b3746d703d6d8e1f310d2e6c9d4d69adf5
- Filesize: 363B
  MD5: f68344745a9075baad77a5d7729deb04
  SHA1: 1e622ad8a6f6429f45fc7d1da8c3cda63a012077
  SHA256: 3b503c9b105080573595a68eea04d3bee5469b82835887960eb516c2eb054b7f
  SHA512: 45fb8f2168651f0928ca576109fc99dcc0f6c7a48bb1fddc48dbc082791498d1e0c9d7bb0d87d2486b53227ab1dae610930cb203c6b6892a5f190577775a711b
- Filesize: 363B
  MD5: 58e4ddea85f02b9326298862b64bae13
  SHA1: 2c1d76c384e48c7d7a89d29bbee4552dc029d6e1
  SHA256: b3dfe65c1e086f62a60cc1cf0d495b1e750703671a2b629253b798994ceaa448
  SHA512: 82b3073623cd97446a686c6029a4fb7f0a6b5f687590ea7b840d3c5da105b132dd1cd6fbd2961db297b950d00515b2245f84588f0458162bb8c2d47e01638277
- Filesize: 5KB
  MD5: f79ae9b9c04b4c9cd10ca1579feb0f91
  SHA1: 713edf11dfc54cc147603b5e6546998e65a0c1cb
  SHA256: 8fff52b9750f827e7292b0f160c008f7447702a6cdd8de4674aa9c8878ec2bbc
  SHA512: f1af5dea768216bc2fba6bbe9682a60bf8073e0fb67fc5a3d98d07dc2a3af73a393bcc4ebf97031d0f10f80d39b70ad8ec52a58563574bb54bbeb5dabed82be0
- Filesize: 6KB
  MD5: a7b905f6ab7bfb8b8d7ae4221e113729
  SHA1: 4cc2402edcf6d41dfa6ff6c8ad66750ed0940977
  SHA256: b8d33f51379d8533d4f6fb51ff81fff36069430a9b3069a8baffc372cdafd08a
  SHA512: 2c84ec5950fb291a0209db508499cf8aa88ce9d14d85374467649cde77e80f866312ca665634264faa00b76baa10dc0ed29e0d9ac68debb1e5a24669d7869533
- Filesize: 6KB
  MD5: 18ecf99d2b61567828c7b82bb4e2adef
  SHA1: 2c81d7e5830645cbab7185296925579a59268f04
  SHA256: 22948e63bfe1265cb070f8560b3f06393f84b170cde46ba8bc3e221a7bdc1886
  SHA512: 1a362d216670b6dedbbe27c1b364e7dc0c2ccc16fa11922b177e2c1ee59c3385c43efc775246528ffb43c35e4888ddd3159a93de778187265c764c08f9bfad9b
- Filesize: 6KB
  MD5: f3cf539330b9a2ff036e162dbe3d175e
  SHA1: 43a5964c283adf4cbec9868a7f98ec2aad0fce28
  SHA256: 734608236825d00f7c75a301f5e69bcef88552eec0458772e2f05e07b9c6a2a9
  SHA512: 3dec9503395e99eb7453a3e961600a430cd51d7714f18b5a02be5fcb2647edada9e8ed58ebfe804d765bbdf155745a94f12c5d12550ad41556bbb1ba5e904014
- Filesize: 6KB
  MD5: 9334e64b6eb413e0eb21a242813291f9
  SHA1: c2862daccbf59651ea50fc6a922f06fe6ba9301e
  SHA256: a5b3e8da6d526d2073aa0328308580f1eacf16309a77bca3abf81fea410256a3
  SHA512: 6a8dfe39ee216eec0a26aafa075d317184d77632f5de06573aae224afa33522bc075976a39cc721c09e9b066d0d380c255e10cca7150bb169d031609e9e7e84b
- Filesize: 5KB
  MD5: 0e2e6565c3c9bc3038a40c2d25113be0
  SHA1: 40ea3de125e0a90ab4172522d155e34bdf61e74f
  SHA256: 185c1e904ac66ff2197665f36b00428cc3d43c94b1bc0340e4d12b2f906289c0
  SHA512: 693cde2da2f18913a01ab54756d53684a35e0f3466c37f3e6957022b4adbf31930674bcc25eba776a6cd7b27b30bf0a1062c7dd576c72ab75edfe70a56b1e05b
- Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d9d45ad0-47e2-4a8e-b8ac-cf912ad8093f.tmp
  Filesize: 7KB
  MD5: eac7c64a373713fce1c48543a7acdc50
  SHA1: 9506f7a0e82383ebd402c0d87988417a4d0dac82
  SHA256: 3b77dd1eb7ca294a702298bdaef67d60d1eb83da218de5a48462d02f8f07cb1c
  SHA512: f2e3223aa699967fbb84a4da7ad9eae99fea379481c018c4027d3be542978e2ff383a66c5b6a3d4b7b366db5e4da05cae5ed1b9af93ef8e26b7042f79ebf988d
- Filesize: 335KB
  MD5: 491281e6bafdb43c621e6b2d17a1eb33
  SHA1: 6885bede772e6b1004de1c5b8c0ef6c859ac72a5
  SHA256: a43c0afcea52957e114d4084a0a623411b63fb190e0e1fa3d79e01a9310d3291
  SHA512: 1f1458325defcc8f4f41f2fe746a22c33be6a732ba18fdce9a19962f6ba5acae75300c14bb70586dd7b3c473417e5a80d37cb49b507896a71dbb80a4ea8eede0
- Filesize: 393KB
  MD5: f03096867e5fc01d91b4dcb26c31650a
  SHA1: 82a77ee2c975a219721fe0c6cc5ef20aa3bf6961
  SHA256: 451aa15cd5a7ff1e492f95b084a7906f3c45c8e8a5ddac411ce55db9b69c6620
  SHA512: 06caf1c522cb809eb16a0ce06fad38121c7adbe97d02f6c1af2b975ec40486f03a01d2d6863e995198af93bffcfcee1de7e70c8cecb1f8417d1e08540cf1eb42
- Filesize: 341KB
  MD5: 002e275aa56845a592113b9d7ced5275
  SHA1: 904c2aa9cf5272966cc7c9b34ed0b5a6e3c52824
  SHA256: 7b31514eb463eed60f2ba8c80a4b8f6181d9a3717beb6e45624b13f1333dbd11
  SHA512: 222361c0b75435a52014a7d20add442a14cf7efde0059a96e1c603b1d34cc45d48056f4b30048aa1de837c0a8c59a625b0a0c96895d8f795d25347abc78709b7
- Filesize: 20KB
  MD5: 1dafb2cf34f35d5814c11c4c7c97aad8
  SHA1: 3f49bcb442c672bda015eebc1e1e6ca8584b2c01
  SHA256: a6ab79699435b6f5879e540cb754be7a637e7b878b3decd87a6a9445f81ae6d6
  SHA512: c8c0b1529aae25a95b053f82724ac1b60e4a1ab3493187691aab8a46c93414379222c06de238b7f351bd062ab7aa8a03e5d5b2122a0d9b1b30712501b6780365
- Filesize: 11KB
  MD5: fccff8cb7a1067e23fd2e2b63971a8e1
  SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
  SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
  SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c