3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae

max time kernel
159s
max time network
370s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-09-24 2.11.17 PM.png
Size

45KB
MD5

578c76503d19e73f7a935cdfb1a4108e
SHA1

74644b49ebeb844cfa821fe70251f8e56ac6e112
SHA256

3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
SHA512

52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
SSDEEP

768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2696	2692	chrome.exe	32
PID 2692 wrote to memory of 2696	2692	chrome.exe	32
PID 2692 wrote to memory of 2696	2692	chrome.exe	32
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 2820	2692	chrome.exe	34
PID 2692 wrote to memory of 3032	2692	chrome.exe	35
PID 2692 wrote to memory of 3032	2692	chrome.exe	35
PID 2692 wrote to memory of 3032	2692	chrome.exe	35
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36
PID 2692 wrote to memory of 2592	2692	chrome.exe	36

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-09-24 2.11.17 PM.png"
1⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8189758,0x7fef8189768,0x7fef8189778
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2204 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1268 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:2
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3384 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2460 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3704 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2300 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3560 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1556 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2276 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2560 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2212 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1360 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4008 --field-trial-handle=1244,i,14732226842174055446,3833372159765477002,131072 /prefetch:8
  2⤵
  PID:1536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
dbb74f17f882c76550d48de0ba3663f4

SHA1
5588f567466d97fe9942087b1c519d2b656c5218

SHA256
4926d87f3aa10435e11a417f901c7ccc8b415cc3d6bc3ac7ccba9ee9b1192786

SHA512
6710f0d865e29d0ec2849bec87db312fdfb043418a1fe6d484955e36670d370586df4e260c50a8165444bbe706d4d9c653cf8cff8c08b68807a09d0fce4dfe3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
052bcca90db936b007f35195494e78a4

SHA1
441ab309f3b28b724919bc8a9260c3c6f48f2ba2

SHA256
1ff26399a8b261a7b0b5f44dfb6be07c306ceb6762fd800a6f1162ccdd475875

SHA512
7f0991e772becef9eb3bac325064d2952ae783475a3e36a9030844a7d098cbd7507c320659a4da085d0a231a449e6bdab5eba694415737ecc9e31e82a9012b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
61233e3e7036f6897ae21c18f0d2c5c5

SHA1
4e1a95e1fb3df8f8af08be8caa0854b4ab3a66bd

SHA256
f0f4b5f938c5abd44f245504a6cb23165e3884124aa21bc2da3aec2bcd9dcde3

SHA512
7167bcd3fb98fe54031651da12d861474345af4e0751619d792b74ab5b1ca2e3be397da29f53f1fe028fa3d43fb857de6f16358652d0e6b5b2991e6a17af5ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bf290aaa98f686dd1e64bc3fe1a9bb3c

SHA1
b4b088569a18a8c286b604084ec3d73e18defb62

SHA256
00f24eb9a2d49a934ada409a74edffb89b1878ae6135b4a6dceba13a8566c78d

SHA512
93041c9f8b6fc51744927eb6f7ee743b4e6e6266ddf46eb3b3e5e6570638aed282fce229bf89aae3ae32aa87af92688e2bc383dd8cb6fa9c45d13f9dc2f3a087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b4bac6188be4fc777f38f6f23ca713b

SHA1
252c89b379baf7ef80a34e4f3c792ed3c74840bb

SHA256
68326dc40188a2951043cba52a671eb39cfd071540bdbc9ac2ee062e03b28405

SHA512
51ea456bacfe5627cc0a6485e3e2b54698b191001b99bb78671f2aa9130aa38b4ec1823cb8b489f653dbf4502c7b85a543932a3e687253e4f2d63d450d65728a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fc51bb62f3c3bacfcebbb9b2cc0f95f

SHA1
f586349821440a0e976d1bdd355d7cca18ec2341

SHA256
a627b08c638f4bd5589dd75b44135c4f59cf52eadf3af27b00c82cf897889a13

SHA512
14c8b958312f628ac0750188a571367fb52c20747389575973944579e3bcc3f21bddf353cb63aa851a9b712d3038336d536b3405dacc9a5b218528429efcf0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1135b650bfc9cc9f1071b841893a5383

SHA1
c807dfc05067c38515d1541353b45fe0ee16f202

SHA256
8f40c9149fc9fbf3782d08bea129c2f5f45ad8b0cad7ecbf0f59f56a09688f01

SHA512
32b1f5006c1d560514736eac6b0fb6d19f4246026843b027a216d801f46c5653fa73000a0ed8e577770dad1a24075ba3e299bd82f02bc583fc4a41c9501efdea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
04eef8b82ade5362debe56adc82f0803

SHA1
54f1e48db808ea1da80d7ff73781ebac82415b78

SHA256
f0ecefb2c663690f20173cf9f80b257b10f275e94c3c918292ce55fe6b4166df

SHA512
73b92d04a85eee33506f4567433a08c73a06f7ad2ba00908db7d36ffc38c01152b58269e032b2014785dc9b8d2e9092ce91b407ac2a5e3c76714c40461f2eabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
362c8e3f484807d161cadcc28d3349fb

SHA1
4c0bce711b7a776788bfc1298310f4f591eb7250

SHA256
6b68889782fef329bffadfb0590d1990a970a5e3a4aa6b94f2d8c2e8cff64530

SHA512
17ae5ffec9e0f2afaf40c761e52281d0b655b7981f3b5e0b1526df3a92213f8404aafdd8d8ef9a3dc8c3984e6c5ef34e17542401be8db561ae1971f8f6e83fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ce6e45d6bd9a15e698a0bcbf48494e3

SHA1
922855f2e3031ec9ec9a78980959725b19934d2d

SHA256
1490bc7cbe280ea8007d88488430d9acd976111b009a407aec85589390473e37

SHA512
297df577e2840777b34e0ba611e1806de2e059897d584b154d5eaa4b099cf05fc98ac64540ec71e67786f8ba186382dc515be4a07f5229266d58865b770c4495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28eb59b1f26206d2c9355d15682132d5

SHA1
0018d70156e62a121ed1f135bcf1cc841559c2ae

SHA256
66fbbdb082c5b47d7f1de51e5f9caf57821c3b27c76185790e23cc6a4d0484d3

SHA512
1797ace06e6bba6af5a153d6397b4dbf0dd35e6fc7a0ee576e9033a7be18b405bad4f4a4503ef73bc5ed6f2fc21085e3986578a0141298c97e7eabd5b1bf1db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
32f17d7094b61d945e50cb152cb7b3a6

SHA1
ab3547573b97852c61a983add0db5b2b6f06dd6e

SHA256
fa1ec99b34882b6cf55fa214eecd4ba3f30b7da94f1705d1a2c1b346dc4a0a39

SHA512
836253fa3330418cb08ec8c42f3ce65c05698093291b9fe4eb8289a346f25c26c9b74421201a14c7e71f67b8d5aa9c4be059524553b6bd106fb205910ccb95b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e77b2836f981381c1a48ef5f5d2b75e

SHA1
9ff4f6928554c31243f8a0aec4960a4f69b7f061

SHA256
3da66b89b7bf57c12285369d07c68fd667a1047b25bf85498cd0c3695bf5d6a4

SHA512
e18a79238ed329593eaac1191b5a15b81ae9277b87a6b6b370c3a8cb7162a6518a31fe2f6e695759ccab840ebf1223fd862198159cf115fcf0afd3670c73b96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4920d7a93bf4483545aff3424d1a78df

SHA1
5b622956baf07061ba229b11962b760ed1997e91

SHA256
96ecdbec8f0db1d2cd4b7366adba879c1f7d3047b887a786d9458860faa142eb

SHA512
cc695613429d9e7c2b857f260ff99ea31cf4c5bf3163f8a587e4952f3a1f9bdc6a185d9fa48ea616c8d348c9f50cfb39d78d1c5784bb36f62d65884c9defec85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d8917dc0-2be8-4c33-b871-2ba2d44b3c24.tmp

Filesize
6KB

MD5
f188e47932faf9114b24c7f85380a6b9

SHA1
2abb2f5d045a2ab3d704875a316d82a58f2b1f8d

SHA256
2c9d78e82874e7c91c91f63b5d8be33088b100dfaade4502b6911356136c4c7d

SHA512
614e0b180583b4daa46264d544b837f87652eb7f87ae304bf3da5f3cc6cef6892f856d66f8c83ac724b12fab083a4ae4e233c512a4763146e18891ac0038405f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
13a009e3203218eebd4f2005f4a5822e

SHA1
8a7285a967b3a0d78e534a31c89e88cebd80bce9

SHA256
eab5641c87c551cab7d2f49a63599e3d41efffce1e1ec8a661ab8ec5bb9fa164

SHA512
115b302bb8d0c4bfcfb092c7828c60f16bd4783650fc02b13cbb9c84e8be999ef774239e6093062a666070b675f71f96d0188e9785454c235645aa233e92249d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
74ad71f94c4e480811190e2219ebdbf8

SHA1
da76e7fe3c57be90d688b4c5ff248ed7cca9de86

SHA256
4e3685c21dd0aac8b36b6b5021dd2af8bfb4687f3386dbccdbdb71b282e74b18

SHA512
acad6a2b6fad52e45a91f4127e4e39ac8fe88df3f83d624f681f416d9a94ae491ccfe407de67d6dea99606fedda775029d6ed7b1a811db1113d733ac2406b3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
335KB

MD5
733d216ab79c33e7385d47c7d827fc72

SHA1
6f6d5cc718e2d87ca310f12e8842d6df671c9441

SHA256
b6af8ac0728a348916ea120676d4cdf12618b1dc813175021a8573920f545562

SHA512
694c9861689ea63e8557f50693cd14baefd5f0bca2cd9471f637a68a16b4a49276d079fe0221180b01009d81773743c9f3c8bf6bff4e4742b17a4e2422b74ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
392KB

MD5
4532621a7911bfb7a24ad8223878c3e7

SHA1
da87c2619fe535a99590b9909fcf472be1aa2d56

SHA256
c44df2d113ad637a1ea0064462f406ca45770befa483614bfac9e53ce7279a99

SHA512
d6f23dff0f45c67c3e63d4154a96f34793c64d2889d2629baa18535eeb233f23e2b7036c92826ff96a1140907110ef236602dd49b2cfc3f18d0d3832a29f7bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
274b1629f8c66db36db0cfe3b620c60e

SHA1
a402aeb033f4dbfe53282a1f78f1fa507b9715ec

SHA256
c1bf6081bd7b0fe520a6ad93cda1c33b7dc78ab827e6dd6b114f13cfca206d39

SHA512
c18004e09b2a00cca88d08cf64536d7081d2f57db08e90875e0ca32e1e96944a5119fcdde548d399e84cf21b2ee6f6243b3a098801a58d7033ac73542c33938a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
bba1d932885520d5f543520bf80d1c42

SHA1
602c81d4f327526369f9aaa060b6e65f691c0af1

SHA256
432aed90f0686cb7d1ecc65cd01786f6dfd386972a877a5dcf7505c584d04d4e

SHA512
c609de5f3d086103ef3735477300ac476be51759577861ca43c07f42a3e1f1a9b293992e2df7e5a97f8e13eefb125ea053f52f31d83fa9c07a97ffc6523075cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4720.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4752.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit