c7ff8391c3118061eed4d741b4c58a844b36309ac419fb369c39bbe398244a34

Analysis

max time kernel
138s
max time network
420s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.js
Size

32KB
MD5

68d7befd161369baaa7255655509325b
SHA1

4f16e32c1a21498bc2c1ddc534e9a43b1842347b
SHA256

c7ff8391c3118061eed4d741b4c58a844b36309ac419fb369c39bbe398244a34
SHA512

e03232fae4bf2e2db18b2101e92cf13f5ff97db26b0cf90bcf4d3ad99c7f4c2957ec8317c841adb74944b15897d6f578722f0f96493beb3af9a7cf221e894db6
SSDEEP

384:McWG/lrqQBXf8hPP8g8KUZ1qjoRpd9n3C1oj4jRWyhfPojHADVpLMFX8CwaPAhI:McWG/xqQBP8hk1qjDoj4jrxojiJphI

Score

3^/10

discovery execution

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1856	chrome.exe
1856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2280	wscript.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1928	1856	chrome.exe	33
PID 1856 wrote to memory of 1928	1856	chrome.exe	33
PID 1856 wrote to memory of 1928	1856	chrome.exe	33
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 2036	1856	chrome.exe	35
PID 1856 wrote to memory of 1352	1856	chrome.exe	36
PID 1856 wrote to memory of 1352	1856	chrome.exe	36
PID 1856 wrote to memory of 1352	1856	chrome.exe	36
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37
PID 1856 wrote to memory of 780	1856	chrome.exe	37

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Client.js
1⤵
- Suspicious use of FindShellTrayWindow
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6579758,0x7fef6579768,0x7fef6579778
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1780 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1304 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3736 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1560 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2348 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2116 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3720 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3984 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3976 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3804 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3984 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3932 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4312 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4340 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4460 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3696 --field-trial-handle=1380,i,12208201550181189966,12705183359428897705,131072 /prefetch:1
  2⤵
  PID:2920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
PID:2156

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
1⤵
PID:1056

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fd925a69dd88e2e04a906fed8c6a12b

SHA1
ea287ab1ba20f3ad1748c888e7742e220e4c25ee

SHA256
4301515688bec936e0acc13709643b5c7c2239f34d7949785a8476cd937dddff

SHA512
62a216c659d2c3817c5823bd124e64e8537a9e7a0c819b60f664590182989e58af5717092920de4f33e431590b5f7844489aafdb9fd72988232cfa0efdf65a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
718a8602f3886b674b07317b94b42ca4

SHA1
97e745453e0946481b2c9f5b2c0c742f976176c2

SHA256
e115bdb0ab16f8e062f7d26c1563ea3d05916dff15cee1f5a9bdcb0606d5740a

SHA512
30830e86e21a793d47b2282f408be0d96212e8c4ece54c813a7bf6734376789a87b855fe14ef2d31fab4482e090e24e73f6aa44028d9297c7d0ada9ecc44a432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e512ac1f20827ccd81eb6338fe47af46

SHA1
6f35b8ed2dbb1fe691b3f4c393788106439082b8

SHA256
e31eb41fd6ebe6b7867b16b43e9cb2a857fee30d8abb5af710fe95cb3b1d577a

SHA512
a4643b5b3a8e0951edd7d43a7bbd17fb9e88a13a0066559b4acb77b4132db96cc04ecbdc35d97a2d344243738c271d23bd6d0679624a459ae84feb93d2be8ead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65ee494c26aafe4935668bc7a076c259

SHA1
1c1880eaea7225dca5b25707d608e2e47a68c40f

SHA256
5bd9f6365a13772143da431d75af754c72d0646a0c745b741b7a9e1044a72363

SHA512
d1c09ae707dca084698f32b463c2ff793e379400560b051de116aaf5d26a7cf26411d264156c6b22206412d32754b01971327070ccaf14f10863c5cabe55476f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32092a9ae2ca326c0248133023a7bdee

SHA1
5622ca75a0de7a7bf98ba0986193a9d5331a2c50

SHA256
3da2e48af39d6afb661d7fdaff8a0d5d25c807b5bb4f26c48df5cde1aefd2502

SHA512
6ddd06b10edbf5aa96d664a579e0ad36b08a46cc0c2ba6428fd9d92a85de988a301db181bee08ba095bf4c7395bfb1490e282bcacae91bd3816357f20d48fd33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27a80909834cbf624efde7de61bf68d9

SHA1
2f6da2d5095d4768e5bcc86fc0be56ed0a57f18f

SHA256
a3949ff0c492d8555c7ae5fe27e542f56117329d7d5ae0989672aed798175fed

SHA512
cb5b31fa9cb1d4684efe0e0664d112918fa5dd14fc067ac2830ff5306cc9faf6041c6b693eb289c9675ce5b9d4d06c9c9bd0c7a5bbb7ea4c2b7083d9695fcb6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
883d425ae56392d454fa8d4ad214349a

SHA1
4f050336ffa1a4a3c2de41f5e3c7a42a38b92126

SHA256
bc224239fa0bac39a88bd139b519304fdca172e2741a2ccbb4bb3fcbf3ded6b4

SHA512
e6afe15c06b217f31786074ccaf6ca4816abe41382e659d780ab57232978add630485006d7d950825401e568ec62487135c050ed9a2e0c030deed108a56b28e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7038e877a8d75375691569280b8eb1f0

SHA1
5138cc76a2f387a971f84b2c54c1d6a7a6ca95f5

SHA256
8fcce243deaa3a7320cae4f9929e761c0652d8704928c160b5c7313ad6d1745c

SHA512
7113b79abf83d21958154f4a33a669b98cb36280d8e8c16f584c0696a625d471d662d733a15d8954c801d127b831e09e76cabdae41d4e70b1a5732b991d0fe8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1b53a9d9-d8a5-4c9f-9209-f38aef4bd6e3.tmp

Filesize
327KB

MD5
e142dfbea6d36900c795478173288b65

SHA1
8ae63bbd355ba74e6ccd6014d3b03849581bc2c5

SHA256
1939a3252698e1287d29dcb01fdb6d2851a65dfb2b7bdbded7a19933cc98ed5c

SHA512
ec5ab8192b533b6edb467cd2da00b13d87fa6084b7141e86efcf1696feaa17decef382088943cf56ab1700dc7f39e22796a6e22a515b539bb20714795eb81ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6440e5b4ea3156744e4a29d42c8a2bd7

SHA1
da7b625fdca100cadf355ded3e112a57f8d25866

SHA256
c06f6986514f9e2a2853949c3809aa06a2d39594470ed4ffc77b5a9552565fb7

SHA512
960de88d405bccc917ad98c1cc04b9a3cb2daddd7a53ab5934e27e3bb2b1638dfa81688239db0910b53af711521a998a788ffabcdcaecf36caa0df2a31582d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c54adbe5c5968d78ce98b451a8b458ae

SHA1
044bb1bd2756b36dc73a1f8649d321ee3a78b6ea

SHA256
e3c20bd06492728d7887c20d6810ff2430770b2088452d4ffc1ebb753075f13a

SHA512
3827a29c93df95a95ea1e1ad35b2c7e2d5f10ae613da80a523413ff900e0761308d4f78ac68bb45b63ab893d1dc6e29adaab9f55f83b4160e714ac8cafae4acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0b89f5be595446ddb3472cb33bba99c5

SHA1
38f7bf52315e08664ecf0330c717b08950f55eb9

SHA256
092eaee7186f15e8950792c909f1a9c557f9e8a62818049cfed7e5687cbb14c4

SHA512
341a0d7c090db946eb7d6728312c71e78211a0a27f55d2eb80e6fa693e30196cf5422d68f983cac2eaffb03f90859cbb570b4b0cbf26a5f45762d18061dfeb6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d849c04248fc9b88c2385f46762f03ab

SHA1
8234e2585bb354c2fcd366b87aa200593076d8d4

SHA256
0fd8d62fdb4c813a3b53a8ba90b24b3ba1208d6c80fe36bfc591bd325537bae6

SHA512
1df0c8b0ffb1ad22d1c57175c2162c9ef9a72060f3300e301ea10be84ab35fe647a12a6655dec914fb923462cd469bfc6a63d88d07686488ac203602d2aa80b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b74c1615929327afc2908ed7b7ba8f78

SHA1
0deda9ac534cc9ad33aa1b260c9c64c05241e443

SHA256
e090a16d212a2f3b6090873b4fc2bfdf163c8f08bd697541cc50c37ff2953255

SHA512
382cee6fc00cc7b4f51fa94edc707f05b7abfebe593c1096d6da245b4adf645c9e34db04ed7b7936061fb7acfe8eabc3b7b80356c8a877cf15312cdcfd809abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8efc2194ef5acbb3261bc6feca27e72e

SHA1
a491711c4f79c281a42e48c2f8e3ba5a2c263c91

SHA256
4f818f83748508a43d0c2069d14a7b149fccf39a77c23430e87483707e303438

SHA512
05f300821913c4e655744509247a3ec9e8b935a1ebbff9afa4d0ece13200a85f2b849d94b30bf0f07cb4900f09403ef414e1e9f7da25b06b086ed35733679370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b115b407-ac88-4739-86a9-99883d48dfef.tmp

Filesize
4KB

MD5
08f4f77455fa39be3313e7b203e35142

SHA1
6b1dbb53106f942201492200154668e7fa55e33d

SHA256
78cae960771cb8d716850534cc432a38b128f511e336e0e598a4846ae71beb89

SHA512
2c147dcd73cd7f425bbda41f1ace83367d7d3d66904fd5968ae14a03c4796e842ce79b3371a0ff4a8ce16bb833a728e84a6d13d52dc12e7c6943c83cb2f7ee74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
327KB

MD5
0600ed6e042f2bafaf87c255c6fafc2f

SHA1
6a0aab90e8354e866093fa77fa18aed369b4cbb8

SHA256
28589f1908c8500451bbe569da44299eaf4fc737e85a3f9ccfab68e66d37c464

SHA512
79dfa5e35de60f76d6496b2509bf4ad183c3219f01807daed79f91cde5bd5cf7715e510153e5f94c5f66997e7ef1d993a2e90343c8862adb37ab225bfb948b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
327KB

MD5
02f1e20d4d41b791d46e7649167781b6

SHA1
f972c6e0c864bee95872c8e3bdd1c7b6c7933e56

SHA256
70e1d75e09a8f08cf5ab48f41924b845065df729c38461945bc99bd26453cd27

SHA512
6486184289cb526c6c02cfec3dd5e2129849f8aac668327cbdc5ff0f7e03ac0d3015f02bc46ec769825ec2fe6b63cc193e91e18e67b62068c985d02c21f31330

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab70.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit