1f36c3cb1c8b3cf49b38b47ca5f51c81fb0c0e089ec23e915308467f0515bcc1

Analysis

max time kernel
67s
max time network
268s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08/02/2025, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s.exe
Size

6.8MB
MD5

6ca3af9f2b35018656c3e3c50fed4d5b
SHA1

db76da5f8cfee5c4ad613d238231968608f4576e
SHA256

1f36c3cb1c8b3cf49b38b47ca5f51c81fb0c0e089ec23e915308467f0515bcc1
SHA512

249711de4ca1fdda7582f2236cad821e6e597a37f182a0fc61d3e77c93355403549c54228b3a326f195ae3df2f43e6e1e85bfbbfae18c2390beab673d4538453
SSDEEP

98304:vvkwN+MdA5wqMXh8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLnU:vvV1UB6ylnlPzf+JiJCsmFMvcn6hVvQ

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2324	s.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00050000000195ab-21.dat	upx
behavioral1/memory/2324-23-0x000007FEF64D0000-0x000007FEF6ABA000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2324	2564	s.exe	31
PID 2564 wrote to memory of 2324	2564	s.exe	31
PID 2564 wrote to memory of 2324	2564	s.exe	31
PID 2228 wrote to memory of 2640	2228	chrome.exe	33
PID 2228 wrote to memory of 2640	2228	chrome.exe	33
PID 2228 wrote to memory of 2640	2228	chrome.exe	33
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2124	2228	chrome.exe	35
PID 2228 wrote to memory of 2396	2228	chrome.exe	36
PID 2228 wrote to memory of 2396	2228	chrome.exe	36
PID 2228 wrote to memory of 2396	2228	chrome.exe	36
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37
PID 2228 wrote to memory of 1572	2228	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\s.exe
"C:\Users\Admin\AppData\Local\Temp\s.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\s.exe
  "C:\Users\Admin\AppData\Local\Temp\s.exe"
  2⤵
  - Loads dropped DLL
  PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7329758,0x7fef7329768,0x7fef7329778
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:2
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2852 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3788 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2296 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2596 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3724 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2816 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2972 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2176 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3708 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2124 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3784 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2036 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3032 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3844 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2784 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2996 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3564 --field-trial-handle=1228,i,5819706417583445097,7051431788996846720,131072 /prefetch:8
  2⤵
  PID:560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a35f9d9385d287f74867193d2aca1316

SHA1
9264be776b9a38dda6e07be4abf43dc3026a4abf

SHA256
4f36202a708ebf9231a7ce65ed0c6ccd8f69083bca6e20fb3bf7d43ec2c6f2b5

SHA512
0c362cacc77c23c92dfd9ccb0454b062d68f2752a7b58a2f3a8e10f6b6614cc5ee3dfca959b8eb4fe4cc6744e12109086e09e4ff7ccda59fdc926420f6c2fe88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
121KB

MD5
a58806522f709448aea6a8a6936b197d

SHA1
77db6ff847103812c052c3b825ae489485140b2c

SHA256
233ed2381d1e1163ad4040723cb56c9beb7d4373846a7ce5858259dd9659f493

SHA512
88ce093700bdc87094943d1ea1adfae5cb3cf06d7b63e6f05e57d42d7ca5aaa0e95ea257fded8e2946716cf14037f5c6e153047ce68cc001b614255469c5802b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
98f3b8d0b6217c05331fddc0fcfc8998

SHA1
20164edca433d6b96a75b3f4a5152b87b725db5f

SHA256
f4e453c372a348df8efc959eca656c65b1d79c831e85245a8423fe44ffdb718c

SHA512
d4998573b8b53924c2aac4cd2b58bd50d94531a2b0766f63a023597793009b7ef93a4e10bd2ba57e08d13d6b7b36512b9bd06bdf6a24e6bd395ee938ecf9320a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
95582975e034d09fb9f4efea08190367

SHA1
80d4b28823119a794481b37dc67ce73425df8587

SHA256
d50a2cbed7a2dd87f700d098aa459793c396786a66e1be35838aac75f4c1310a

SHA512
73841f6edb8d9a2c78147f5edb6a926d261589616df098663326ccaddf072efab32fe66f481e58ca046bbf5888ed502e32c0918ca875fcb377463e045c480cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
9be29207aa923ce2b07163013361b94c

SHA1
1f55dc96780856edfdd7a4c7906aa878ab8cb7f6

SHA256
43f08bcd53d2b2e3c416172741a0edb79ad0d0c63c2baf399c3a4b4be17f207d

SHA512
9a4fa92325fa17d5163a077f8a993620197f0ae378e6801468be1e62c2f5d4528b6b9ca9b649dd4cf8e48bc9fa86eee06586781a2942dd1b288487a1f77ebb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
6fbb31bdf8a9b4ba2d6ef7038fd9445c

SHA1
468deefee36b83695eecf85dca784744a6c78f00

SHA256
8340af895b956e136f5e2566bdc210dad3a6873d170622d5c8ffbf60711e45a6

SHA512
23baae2267186ae88887e95baf764cf74352c499fe4610184af1b760e4aabd48a62fc815cab7b5788a522eb8ab7a3866240feecb6a382c08cd7e567cc9351e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1003B

MD5
69d6c352a634a50cb0864adf769838b1

SHA1
c1d21450510744b02472555b980f800cbecbff30

SHA256
18456e93a902a25b15f2fc569e97673e3c138b10840cf538cc33015610b1c8da

SHA512
2e20de27eb38b567cc8e948f93845c317a9b9d90ae96df6fb8a028ae1aa1466dfe738526e1875d8f3e2a2affa8e7e290daf33bf61568d73d035e524041c4d485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6115119fdb70f3bead4daedbe81ce783

SHA1
7bb3f7afb1475a13048375ddbb532af84e9a647c

SHA256
abd7ea4a97aaee748e73d0dad575436da9156739bd27fcbc6a3903891f1206d3

SHA512
d39284f986ad41b731d345b1f08a91401af0a58c72945664c72b62602f5e916d3c03ce8551d67ebf5feeae2afe39b319b488cf659e93842e4ec0f59d2cac14c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c84eddbd8ccbdf9a66076d4774624d7

SHA1
19e09cbb49ec56f33abfe4f7463d69ea28b6496b

SHA256
588adb952e44d8e46d2675b3527cf3714e6dc1f40cf6baa5ad5956d8f8aa7f6b

SHA512
6381b42240243f191c4b4b2546f6904731f73e865b6ff7a85c0bb91d623c55ea546cb86b2ff0456b0c475479306d008d3545fcb3321dbf46b41ccad58eb927a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5feb04c6700d129e523f1c47945fa87f

SHA1
b934cfea04fa18a8eeb17989672ae5482053052e

SHA256
194147bcae0c599121911f88baa7e45797b70b95b01533cc093a5649242a39cf

SHA512
09d5a86c56e109e37a1f0be9b7fcb438762f43925fcec672ed2182a9e3b3a616ea740a63f2dac724d11812e4a65ce376cc5b8f98856e90bc8454cf0a6106c59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d1d2d97b0226b7a1c76b08807b4af124

SHA1
68e5d339a9dd85ff0aa6637a3f7b851c9767a24d

SHA256
f819727a4a87cdf966e91a64c4d0e45bc4cb2d408a272e0db35a8f924c4857e1

SHA512
346f12d9f98fe61744464b82194dd096061cb9d564a425815e878e91434bd302551d8a687cbf0e751e91b360e91b41df58d6b1fba4368ddc106ae98ac7be04ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f5524a1466a5ce000b98a2b3f2de4c4

SHA1
ed3fe85241c839aa2db4c170afc736985e78b591

SHA256
3d3e900d1a0acf4ea95c7d01bcc9e83d3dd6cae9897761cbdc153603e47de929

SHA512
1e61ab16f3369d20b4353b54feea26997055f42d9bcb9207867d693ac6ccd6debbe404f8ae81a1dfae570f0914979dbda6ad50ea466275a2654016ff941cb7c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
45fa9b58f0af02e89a785c4a700ca5cc

SHA1
282afcf3d454628ddc2ba15842bc2b4d3f31ffcb

SHA256
1fa5ec1de1e58cd17b323642f72702dcc226d68e0a05e3719322290b289959bc

SHA512
1a1074746ba7aa251477ea572ac96fa2e34ae6bf483fd0c64b20c5fa13f3440e82282f5d3828758dadb1244c2ce75813af9b43b50c61bdc97a3590e792c27b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
08eb5283f520f923aeb4a443135b6554

SHA1
7fac254984f309f59c8697d32cf6480f98763f49

SHA256
474dd9bc9288ed7f56f639a464e7b7d8f79c680890786b0d89e990cb39424584

SHA512
c57b77bc6d122deb1e3914e5e9c0a1e681177a3e03f9a4773fe9993dbfa68fe8ecba84f2da6d8953f438d7ce7406787ce211ddc8a2b948bba4509e4bba2a2ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f08f8720bf7bb5b808bc195dc9142329

SHA1
68c6bd5a983562c19174f0e0d5a897b5d5cc2fd5

SHA256
3c47c99cdeaf1d71556b3b07885bb8256621e7a8f51e5d3007c6f05ed07bb351

SHA512
3e3f56585770c57ec3eb1679ab31526c8cc3265f209e1c986450999822083d87debc29407108be44082cc1f07d96051a18378985fc055f73a7f272f1be403bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0716688-7217-47d5-947d-c258a74b2c69.tmp

Filesize
6KB

MD5
3631e9eaf15787e43351ae8c8afdb30a

SHA1
bdcfc1afcf4a56d8f22724175ea007ebc0a375ea

SHA256
448eae338495b9eb16be989892654d9c3ec50f2753c82f810b4f9331a07db6d5

SHA512
51d62937e2a39258f3a1e31a7fffb7ef7cbb7399e6e608ad3385cad4833ccdff54d576c3d3220808fda96ff085aba51473bde2fe92fbfb413a02bdf0c826e0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
357KB

MD5
aa312ae96f94c56657ae4270e272bf6e

SHA1
59f0df6f3b92dbd93e4536627ec44a91b2a5de13

SHA256
498ea48446d7f9f640c728094c3063ffd52cbbe04dae64b2c574de70f77cb228

SHA512
f4cbdfeaf3ec79b997a85884410b5ec305fd4933c369284b463a8df12f2d6434b0e6365618a1ea4556cab637e99705c7b1d4b25f240a3ff845f2a058e8775819

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA363.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA5F5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25642\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
C:\Users\Admin\Downloads\python-3.11.5-amd64.exe

Filesize
24.7MB

MD5
3afd5b0ba1549f5b9a90c1e3aa8f041e

SHA1
f68e39fc58029b272f3138eb9e6058ece72631ec

SHA256
1bb46f65bb6f71b295801c8ff596bb5b69fa4c0645541db5f3d3bac33aa6eade

SHA512
c86bbeacad3ae3c7bde747f5b4f09c11eced841add14e79ec4a064e5e29ebca35460e543ba735b11bfb882837d5ff4371ce64492d28d096b4686233c9a8cda6d

Download Submit
memory/2324-23-0x000007FEF64D0000-0x000007FEF6ABA000-memory.dmp

Filesize
5.9MB

Download