2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6

Analysis

max time kernel
50s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
Size

1.1MB
MD5

0bdc931dfbf405332ba87054d9096a2e
SHA1

1ecc8bb8d214b720247664d0393aa8ec10a23703
SHA256

2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6
SHA512

06d5e10900fd959c14f0cf8eeaae30cdb9d8b95894dfa0109b2dc22e416ac9bc62af6389b03b5c087827a9ce064f28996984f0e8a12b2cfd0f3e80d28422044c
SSDEEP

24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8ar42+b+HdiJUK:WTvC/MTQYxsWR7ar42+b+HoJU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2692	3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe	31
PID 3052 wrote to memory of 2692	3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe	31
PID 3052 wrote to memory of 2692	3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe	31
PID 3052 wrote to memory of 2692	3052	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe	31
PID 2692 wrote to memory of 2736	2692	chrome.exe	32
PID 2692 wrote to memory of 2736	2692	chrome.exe	32
PID 2692 wrote to memory of 2736	2692	chrome.exe	32
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 2548	2692	chrome.exe	34
PID 2692 wrote to memory of 1864	2692	chrome.exe	35
PID 2692 wrote to memory of 1864	2692	chrome.exe	35
PID 2692 wrote to memory of 1864	2692	chrome.exe	35
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36
PID 2692 wrote to memory of 2972	2692	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
"C:\Users\Admin\AppData\Local\Temp\2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8189758,0x7fef8189768,0x7fef8189778
    3⤵
    PID:2736
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:2
    3⤵
    PID:2548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:8
    3⤵
    PID:1864
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:8
    3⤵
    PID:2972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:1
    3⤵
    PID:1500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:1
    3⤵
    PID:2220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1960 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:2
    3⤵
    PID:2928
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:1
    3⤵
    PID:448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:8
    3⤵
    PID:1344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:8
    3⤵
    PID:1968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1936,i,5350632693917013698,2764786822538444849,131072 /prefetch:8
    3⤵
    PID:1972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12ac51abf3b831dfefce6c3295c61f43

SHA1
bde32c18a09694b906fa669d2faef8fb1cbd97ad

SHA256
6aa60acb3b1d70b33424771b8fe2291521b4ce7a1109f3c16c67b3024b5bd990

SHA512
fa71c138f207def3445e97edc155a6be17e8b2f89e308a83a9cddd6967ac193f06e3cfb21f9bb289417559edc147e2f58f5e0a26f580a7ef089ad57fc99f7efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aab0e1c5-46c5-4ea2-903c-f15c758ade3f.tmp

Filesize
6KB

MD5
58927c2c1dee1be0de5009a947769e01

SHA1
9e34fe16560a9f9409c4e920cba971895b2ffb71

SHA256
80ef402fe24a4a9a0be8e70691011630cf1f829661a9dc65c2729421b1576f4f

SHA512
4841aaba65a06587aa741bc8ed4d689d6748bf9f6aaf6e6aa69369d1cc180773eb65fd5f06e7f65e5b90e019f6f94bcf26aae02c3be58761bb18ca551d1be430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
360KB

MD5
5741da567aeb123dabe2ceba07d34afc

SHA1
6dd4775167ef9656979f40bd4e1d2f3a2b2a3b0e

SHA256
622f913d151640ba284b21ae67854cadd5aa917812181aab62e1eed67a2ec426

SHA512
5d490fa8ca5455d7c3f0d6a0a06450d1e5068f9fe70d0749138bdfc9d163978703afb289bec118312fd074b7b2d85cacd5faaf168b4397e11bdd30784bcc4f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
343KB

MD5
c233fc9f18ef58dede60cdb23c52960e

SHA1
3764399d8ba53f4a4a07d1bdda0b1dd57713e115

SHA256
b52f4f96acfd3d30c07888f13b35ea779a10455348024d1a1b50feebed46ead2

SHA512
74869494e8f78afc8d070baccecc603261aa27f84f6df385f4fd38a092e376f93ec6869ca7caeb0db25b5f7809ee67c1c13e8ec0aa3d580900560b2db6cb246e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
361KB

MD5
c9d5da9162c966f20d8e76c511fa7f4e

SHA1
2c2df6c38332f247e430ba7f986229b4924c1a7c

SHA256
10b7ec361a66a5f54c6bddcfc452a04989e11d0bd8276e1daae22c5a84e5c900

SHA512
9191fc738b5c23887aeec13c4178e14b2976766e1aeb24ad52ccc3eb24bf4066f9174a67057343cea7881fe4ae7f9cd3704c481f36f898291767389cb69f0d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
335KB

MD5
bf323363af22f5cd8461144a642e0b62

SHA1
eb257dbe2616ecddfb20da69185a8acace5b9a7b

SHA256
adc4b8244e0477ec14c9226f2544527a9efdaffcdd09150ca180959333fc0282

SHA512
42bd58cc3a8b0abb8cfc252a31850b574caf52717de30e5ba10b323324a70bb5791329559c4f3e33b593d1d8dda4e81335a3410b05ff2d0a1063d44ec87d8754

Download Submit