446e83f044b6319c85d16ace8fc63537a0d8b541658a90dae375756495535003

Analysis

max time kernel
52s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
Size

1.2MB
MD5

3a6da0bdd054d3f1bb0f4667c00dbf77
SHA1

888a1e905691c8b2b3b4daf556469be493fb10fb
SHA256

446e83f044b6319c85d16ace8fc63537a0d8b541658a90dae375756495535003
SHA512

1a384a49b4b5a81f8cf559bb476c57a3f7b73250eb86c625bffaa32a0cd679480076c9aaa49209fa73c79db1bf199724078763c1ecb05e7045911453c57f070a
SSDEEP

24576:HqgTM8/TP5XsxDzwHhCeiqKl6lKiWj3MryahDSVXT5X:HjTT/TP5cxDze2qKjE1GXT5X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
2824	chrome.exe
2824	chrome.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
Token: SeDebugPrivilege	1688	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2812	2824	chrome.exe	33
PID 2824 wrote to memory of 2812	2824	chrome.exe	33
PID 2824 wrote to memory of 2812	2824	chrome.exe	33
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 2744	2824	chrome.exe	35
PID 2824 wrote to memory of 1796	2824	chrome.exe	36
PID 2824 wrote to memory of 1796	2824	chrome.exe	36
PID 2824 wrote to memory of 1796	2824	chrome.exe	36
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37
PID 2824 wrote to memory of 1560	2824	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef03c9758,0x7fef03c9768,0x7fef03c9778
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1524 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1468 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=732 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2452 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3708 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3952 --field-trial-handle=1252,i,9947612760399551518,17147479946453137469,131072 /prefetch:1
  2⤵
  PID:2892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
10fb5d23546c0f4d28656a9381af8d3e

SHA1
2ce92e7f58b3dbdfb3ff4e9ea7fad7179cec863f

SHA256
5804b51f4e84bd98442d1a126f6b2efe07105e9a7fce4d2bf70d3a00fd1d0dae

SHA512
77fba7c3dc33783eefe562ef297c36557d3bbc9cbfa9e8771b5bce9d5816e8a7cf7e71b703ad9b42ab9bde7eb3a8fc9e4d250ad0b9d08bc9f5ec04ece25f9e59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
73b8e43461e466a47e1d3279d92ebf7f

SHA1
5cb97a9eb84da767b443b248071cc505c304892e

SHA256
70f47610f3780720eb426cad63e1ac0baed7ce37d14f5f8a12a2351f0c6b2fd4

SHA512
a09489f8bfe18d6bf0854a51b5fda6e18d441379f2b5a427b8febad812f889f9a1bef6abb1efb1f53044d4355e292b8724ef5b96850a4a69dc444b29b1918900

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a51bc5d7e610afb6494e99d9eb011c24

SHA1
1cdee646e2145594ac82f02bfa204f02ac2b6bb0

SHA256
ed4399256fba7066dca4d24f113ec448f456093f565d08471933cfe0750ca103

SHA512
18957e4865e7d144a2b2b287eb2e300d99feccdcaa8f9a84c9c7e0ab5c4bd83962d58fbd2b849986148c237039e4076a1c5edf71d0feb2d8c77d0640a5c4efda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3f7ffb11-a7a6-4f97-b7af-bb66d0e4568d.tmp

Filesize
350KB

MD5
115777cbf80993df1a9d421f2d6ba411

SHA1
2296faaf4bd46bb127ffba2c0b975eacd8965260

SHA256
ba9acebf1800a3236fb18b437de94e13177559d48921ab453b4b7d4a6a4f5fbf

SHA512
dad0bf574375f6347b419a2ff2b883ed0416e921a35be51c775ef933cfefbd3da84f6009abb233a8c42599a582477910dd9e83641fb1961a8260a4e48be39354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
06d158ed2dcfa8ae36059bed9c9997b6

SHA1
357e6430ee35ae35f430b8fad26a816fc57b1e9d

SHA256
cda508ce9651d8c3841b2f0fbbd2e833d8d81d049ae2987ca9094cbd1a1b5b61

SHA512
95ccff179954d6926f572e6ec52870cb295eb48999a6096dc53e54296f4cbd09612094a50d94ad6c410dd819e8f30316b8f67ef876a56188945dbdc28b28dd26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
699db21ee0c63e79456bc52879149315

SHA1
c19a57717a6a441e9e78418a0a53c24178b7acf9

SHA256
8c762846609a8893b95a4f79a3daa6666f5502d24825a78d4706ed4aea7003f3

SHA512
5383f53c4aaa6e284698547863f8d2841efd78d9183a838cb32ac312e8e6232ac2ff2d1d5ee89cd170b89087a349730d2532c7cc8637286acbaeac0c5c4c2a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
349d52ad6ed068a84855aa899cda6673

SHA1
c7d87d2f8ba9ca317bd71cd82259e4fab7aa4354

SHA256
a42496d1a6b89d5d79fb47e41656c180e192b635634ec2ff4742ab9819cd94e5

SHA512
419d712372c88ff0de4a126c652d46c2de73cd4d10e43fe56f52e137bc7f6d925e54e91ef47906758b088666f8bb31809e7b640a13ec373d96c578115be61538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5afb5d7f5f1c91ee342e6d75ece0be32

SHA1
87503d20cdb9ef9998f5fec9d1c49a6915117bed

SHA256
02f7ad4ac354b688455fdce43a20a3c9deefe560be9f3331edd405488007caa6

SHA512
53c3aff76a29da7ed8a3e704768b9377b8b4c164eabf97b650ac0e11886dd73626f612f174ec5e950bc12469efbf4e2b324c5f45df13caeb9f50a326a69d4859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e37124f87840789bfd3b8c6649453167

SHA1
a06549475b0927198af37400d3301d96185a5e48

SHA256
2393cb0c8a69fa5df1dff03742afd58ef7c60dbc95025ba734f7a614c98ebeff

SHA512
0987648510bcb5b804ca3b46faa213b53acd9e4240311c100cf24330dbace9a1e18631aa48ee975a4685e3e32303cc7dbd6df2316c5e2b785db54658c853b6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
57a12acbcc08246c64fbf1edbe796ea6

SHA1
023dfb8db7ad7e9bd4995718270357f55eb9de20

SHA256
0d2abcfb40b3eb288343981f3a3b0b6853347cbfc626e080ce409a3de686480f

SHA512
3561473b5f677a5be35d57c2903bb94600940d215dea031d47d0d5ca9632f999483bf676ed95ccb02d3b184e62d5f7b1f8787d70ca8435be7a0a7b8a201f00a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae2d2f030ad53960e22d66b42d02d79f

SHA1
dbc81e570323537feb56b4448f3c2ed89a773eb1

SHA256
c59734cb6e1b2dbf5a40c1f2dd9883e2b396a0f38771f7db6ecc39e98f57fdf7

SHA512
18519e36879dc072fdd25b106b398a8d646ff85941e247e082053aad9b07db5cb9ced7b9f2d7cdb7256833824a549ce565d828f04e9bca4aafd168751ff7dbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
28a03fd1cc8e41cbc797fe6e078de368

SHA1
641da91323e913c9f8cc7e7980045c89fe9a9177

SHA256
861fad58f59df225d3dd572105193f681828679188edc45bfbb9a8e436ba63c0

SHA512
209d92d845630876562b233ed7e5de0f86ae48eea649cc169d3cb504edb11c6225ef1c8c39f15318b67b7562c2b59e20d717fcc82751894712cbdf732dd92410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
335KB

MD5
802a63db5ba4471eb5d575f554f556ab

SHA1
5b4a675bef6b864a3d5387d0c24d17d2ce163bc9

SHA256
3f867cae8052986e85f449ae362b6055bb72d13f50af8770ba1b4ce5c658946a

SHA512
0c44de7892c9eefb99b57fcb24ad04a7bf07257ffafbf5fdc716e307020561752d627a31d6890ea03157bbff63eb687fcdc86dd4c817f43e76390a88b118f359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
349KB

MD5
8e7f4d613a49f49bf6d982ab79e34c5b

SHA1
3ad27199bb1761d4a867214ab557311db9fadd22

SHA256
6b753d87b872d86cde3bf2db3a263476fcc89ad16f7c5aaf1c5dca9cf5c73add

SHA512
2a8f1fda70606d1a73d6063d698758f0396558f9b4051947a7e86e6ba1f64b630a032bc7fc34b2bb4f2a7a3258f2c26403adc577f838edeb7b643de4ac57f34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
367KB

MD5
84005b0890a7844bb136d5e351fee560

SHA1
133712a99214b46398d760880b26c777d0559b93

SHA256
b2a9820b7b748b9a2cd9b0e4a6aab3f560a1f6dd8d954aa733be278843fded2b

SHA512
4fb00b95e4eadb97771db3ee70dbdc524257000cf2e76644c19095072e1301b7d9eaf28cf9cb13063d06f516148d5119394ef7dbfd2b2a42e0058c3a16474dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
4193243afecbc1551ad83b8b841acd33

SHA1
87a471883c26395e9cfaa0448caf5014211bc1de

SHA256
cb227e339c5015c8bce324dc663396a5cc0959153a86f7d2ed162d7dd408c76a

SHA512
9952614751e3776cde520f569b67f336a07337ac59f5b5da03b29980af09eb428a4d9432e9a7caeca16870ce8870586477f51b9c6a958c24ae28ffd4a69c4f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA544.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA631.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1688-31-0x000007FEF5E33000-0x000007FEF5E34000-memory.dmp

Filesize
4KB

Download
memory/1688-0-0x000007FEF5E33000-0x000007FEF5E34000-memory.dmp

Filesize
4KB

Download
memory/1688-92-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-94-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/1688-36-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-30-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-95-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-12-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-8-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-93-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/1688-6-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/1688-7-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/1688-5-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-106-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-3-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-4-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-105-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-2-0x000007FEF5E30000-0x000007FEF681C000-memory.dmp

Filesize
9.9MB

Download
memory/1688-1-0x0000000000440000-0x0000000000474000-memory.dmp

Filesize
208KB

Download