61997a310b9d1d2b41c88d2f53954c4576e84a6d196007c80651363360422820

Resubmissions

21-11-2024 02:29

241121-cy22baxrbt 3

Analysis

max time kernel
78s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Presentation 1.pdf
Size

204KB
MD5

5d86316cf7a090771fb7f654784f07ef
SHA1

49e4babbd351770b7b8dbdf7a0f2842fa58515ea
SHA256

61997a310b9d1d2b41c88d2f53954c4576e84a6d196007c80651363360422820
SHA512

5d2733023e97ff56b11c1f5aeea61c85626962282d7ab4d42a19bf7b6a4c748b31649506338e5d01fac25b71b270329d5bc4f7178cf83d24c0acd46472e53ede
SSDEEP

6144:Wm967I6+2mYqy1aTp/6iOPEo4pTlE4Awymmtq:t92F+GbITp/6i+9iG4AmD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3008 chrome.exe
3008 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

chrome.exe

pid	process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1996 AcroRd32.exe
1996 AcroRd32.exe
1996 AcroRd32.exe
1996 AcroRd32.exe

pid	process
1996	AcroRd32.exe
1996	AcroRd32.exe
1996	AcroRd32.exe
1996	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3008 wrote to memory of 1108	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1108	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1108	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1768	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 2816	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 2816	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 2816	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe
PID 3008 wrote to memory of 1868	3008	chrome.exe	chrome.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Presentation 1.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fd9758,0x7fef6fd9768,0x7fef6fd9778
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1112 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2020 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1352 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3724 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1836 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2644 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1672 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=936 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2808 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1632,i,13529641679334247813,2903149694185198067,131072 /prefetch:8
  2⤵
  PID:2700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\783dce8b-661e-4acf-adee-e7c344e4660c.tmp

Filesize
358KB

MD5
0c79ca57feb2924ddc2301c623592fdc

SHA1
82cb83619529593587daff4520b61ff597d4dcc4

SHA256
72c8aa8c184a9833a47b1bdd75ac1a85ba0604e5dc9f982f42f89088854d830f

SHA512
e1e9f3b1ab7353aa0eb48dbdf7cb504cac5e48465e9c7b61e915d7c7bba9b657bf464e90962a2bf77e738f044f1ed72a390ba8fc4e0914a1008c0c358082391f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
6960812a7ff7788cf1d3485318fdd914

SHA1
ce0fbe65bc8b64fe17f697d575066b94c5118bf4

SHA256
0b8bce4ddc30131e3ba9f5cbb5c10b5074345f50d593d73a79834a3961eea142

SHA512
0cc7467f5eea034d46c949fb24c60f4022dcd784016ce11f6f84fd656eabba3428c529568de88269b29336370f8a684e44a600199d7c7d5c783e019213b91e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ab4d14d33b998ef3b92563ab21adf21c

SHA1
6af62fc20e627597dd3abec776301cb7586f4e2b

SHA256
5eca135df729057605a57e2d12c3f5f920bafb1a0fff5dfa8af097ee1f55e641

SHA512
c43929b09c1be776174c42a22c10081628dbc4f13d95350cb6855539e855890fa890d725e55dc028940f3e1ca808dffaaaea4c5d8af821f403586fe3f692f2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
2f98f3c69b9cd7401a4f12a4bcbe5f5c

SHA1
9a40b260750b31442fc37d9ac66f2f76417fb2e0

SHA256
dc8318ebb177f1142b84660eb45ea84fc650c3f9bbb55434e1dab2f47cef3537

SHA512
a4831391d2434f8ac411616e45df0cc3f86d441058f802417f34b70c469ad8650f59fcb10c402a897c2a07528e11ec6184048d848fc7a2c8b755887cbfc575d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cadc31d7ec5c21f687c19103c7028821

SHA1
c60d64e818056e9a9379268d77493ed540fe9d3d

SHA256
934cf90e44828b3a3d592b3d63020fef2fce495844a5f7f09ffe7cf86a7cc59d

SHA512
46f5f54b7eb64f5b2e6289f4c7594423b59779e1444908dbac6d0a54f3fba600f1456188a90be625a705da0632d69e27673450a70cbb82b8b5bccc10260c624d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6acedd4aee67f159644c2d13f549d42e

SHA1
66f6ce4947b60ef30f5562f12a2ea6e7941b9875

SHA256
914f90930cbd6e04536c8e748af5fd904206da1037898decff7515e9ae3627e2

SHA512
a42a0759b6c25016b8fb6fdda74c9be7194403bbe13914b6c4e43d7d498f15fa5f92689eb2e7301de884b6ac6a735d4f7cad4f1627010d9e64611990778f3d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b12c21c4eddf7521e1b4d20ee927f36e

SHA1
e9d4504b0a1a46095769a886703953dc647fc6bd

SHA256
7f676a97760a174d47f6a785eedce5a2f7ab6817b339cf16888f73c5867d44aa

SHA512
6cc29e96f626e2e5af7c3ac1af3150d0a951073b383616427b8bdb70ada53c20af2f255271c5954dca322bed4096e3b803414246a6fffa2cf0fc8850f7124586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d47bde8fa97a47709a996e72ccce5ade

SHA1
c0d9d094852566d8cbd19a4a77285b0271292e54

SHA256
80d36b45dbfa9b4af951777d481efbd3d2f458c4f52573f4dfee22a0db2f75c8

SHA512
4cdbe89a901fbb52b8b12a96ec7f083ee4310597adf6577fb1a03855cd2da8304f66755d939c36d7b88710238827a74502bcde55daaa7a6cdfeb2ad2f40f77fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
cc461d392b46abb6f6dcc92180506924

SHA1
af4e6ff5c1b7273be125e770f1e3f5accca635ca

SHA256
26f288b3f6f95ff74f2fa79bb0f1a641445c8a0f3e6a883b3b3503847d269608

SHA512
437615b6c78a900db9ecb2dd4db62a30da5b783e0627a110f121097002c7492009702fa8b17ade6e2ab4ed0842ac9a0d0c0c9c0f6af09d27f04340011bd66145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
eb43f760d4c7d809b79827db374292f6

SHA1
f7630bad1f42e4f58f5b6f55887a7ef4a18bacf5

SHA256
e6d04b4a64850421faa64b2839d0106eef47456e7278ebd551e53ff402b4d8d8

SHA512
2227ed14cf52118ad7abb374b2c9eb857ab74f0beaad47d7f7393800f8c2a74bc1d8c7c11f1a4971e2ab475091005f1ea498adee9f6a980da99a0dbc20535e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
0cfc57da3c7c9be73daefa4457e7480a

SHA1
d9a8ea2a961de69246e0fa3be2de5260cac603bd

SHA256
f3525f13148bb37e9886986423227562cd190c9fc47240bd6bfa4973d6aeb462

SHA512
03878a0d7f6a9fb1c71cfdb45bbc826e91d327c2ba3b2f512493ad1e4cb98f61c836b5f9c6e467c50ab4d58e8cd3718ca92448d7e10b2fea63cf7c36cef95356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d8d8927e-a058-4f67-a96a-8144396649bf.tmp

Filesize
349KB

MD5
e125e63be05ae724255bcd74c6b289a4

SHA1
dae890a013b7d0e218734e7846617380e94cc58b

SHA256
73990d6fed76ae52a13047022aecce7c4b2bb7913760443b8ec8579171445940

SHA512
6dcc916eb33b41942845a43681b5017d728c1b02592a213ac173f83bee380bb1718dcbd9b5c815e60ca3fa87f090a72cd003d20972428262d06337add8342c5d

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
08ec295755bcbcd6b4503aa6bc25f64e

SHA1
00de7251ef297def8d611ebfebd1d2fcf13ba7e8

SHA256
973eda1b99a26ccfca1e21c5f093b3b1f1567d30af8a2a126b56db85e4b0866e

SHA512
f1902564a2279cf25038198c66e07209c7eea7c5628892efdd982f150da65cdbd9d3eef4f5385adabd945fe64d12078214f89606ec889b3c4ca6c5a9c07e4d2c

Download Submit
\??\pipe\crashpad_3008_LUCWFJXCQQUJELGK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit