hxxp://dawdadw

Analysis

max time kernel
74s
max time network
81s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
10/01/2023, 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dawdadw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1464	chrome.exe
1184	chrome.exe
1184	chrome.exe
2252	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2040	1184	chrome.exe	28
PID 1184 wrote to memory of 2040	1184	chrome.exe	28
PID 1184 wrote to memory of 2040	1184	chrome.exe	28
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1640	1184	chrome.exe	29
PID 1184 wrote to memory of 1464	1184	chrome.exe	30
PID 1184 wrote to memory of 1464	1184	chrome.exe	30
PID 1184 wrote to memory of 1464	1184	chrome.exe	30
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31
PID 1184 wrote to memory of 1344	1184	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://dawdadw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a4f50,0x7fef70a4f60,0x7fef70a4f70
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1032 /prefetch:2
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3264 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,9871037329793446861,6962218631109720378,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a4f50,0x7fef70a4f60,0x7fef70a4f70
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1104 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3312 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1092,806097823067420377,2061922778809913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
13996aa3ec9f8dbe7e64bc0730e33763

SHA1
57b69eeb6c656a4caad21b86b67815a5729e3ab1

SHA256
a2baaec15a6ad1d0ca97f0644ec9a54b636327f34b76f37f6988fd1cf43f17d0

SHA512
70c988c4441a6ff4f40e84e825c916b3c850712acc23d83d866959af4b22aa95918d654293ad1ae8cbc1d431a763ba7e6f8e764aa93758b2a2eba3994d13e076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

Filesize
44KB

MD5
073acfbd5a8179d3f40bd235b5975364

SHA1
3dd46be6166f80e248dfbf8cb757278410d2ac69

SHA256
a090b83d6fa2b94bcfc319365dd94a43ac07c6db87bcbc88defc3b065b74db3f

SHA512
07f3bf751d7c200118ab99e74f193fd4edaf18a4b267a29667950b781cb15c4cd962376bf0a4a121c5174b4c6f3b48d360a60585e4fdcf7b90689ee84d87cd8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

Filesize
264KB

MD5
af1796d684ed422b70246f2c09c69627

SHA1
248b1dc9f02e8cae460755fb8640f42b41dd269e

SHA256
18eaacf27c822338994caedfb19345e46dfdad9607d6e5e41807056cab9801fe

SHA512
6467e529f2e9c6b21922a42c8946c1d88dab018c2cfe2edc195818f54ff6a428446c6a7c0b34634612008d78ce5e4148307630210d5b6ef7340f2096f4e84fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
04cfd149475d9213fb7bfca77d5d3f71

SHA1
029626fa638d5309d7f315ee9f790ae9388748cb

SHA256
1689fe00a12688b1f7fae977e0b86f795d7946b2261e5f1658b8fa8ee8697ebc

SHA512
2513aff46065689fe0824ff1ef65366d7f8a98bb3f07c5a50f3a0124d924b755c6828a54b516607898e8cf817f281f52aea8eb766a10e4eac0e3f4d2eed64f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
8676512a1231275bf32378f4e961f503

SHA1
9c2d420075c4a8b5fc615607a9f0ecba4aeb6e0f

SHA256
84aebdc2d47a16e0ea9fe1c8dc8a51008a73b14946ce65e002e9f53ba0ce80f6

SHA512
2bd198375fe0bda3448284b047abdaccca62d5347e5d5302afd7e979d9b7c5e7943032d80ec17952861ac141f8e36be9d7a92f383bccb8a768c6826541e003a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
d97029afb071485f2169bc671bf0aa51

SHA1
5d3f259ad9f6e9f8d838763c0caf799e7f8a7cfd

SHA256
51f7aa9a7eed7174385ccbf9acf9509096789cd667af8fd4a433e9b881ff483e

SHA512
16c416de9b7a96342776341063a2c7296cfc2c3e4d3519c1b3a96bd328e69b37e8cbd98d48f926d04985c9a918cbc4c125db0109c76795b9f638a17246ffd97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State

Filesize
1KB

MD5
778566a73eff0a90bbde44f27eda8d60

SHA1
9bf54a957955c83c3facd7ee28e5c3edbbaa482a

SHA256
bcb06537ee8e59afe353af4159dd5a6be1ca4627c732b251a2a143a533c50756

SHA512
223568b5e0d73f1aeb5a4b08e8ec89c45a43e2e220eea43e73b1f027b26934626573df12737eebe2ed4114e16938f4b846c6360b7006ead5b92ada84d0dfec77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
720fea36e12983234d75912ba24e7fda

SHA1
26d3220d8fae5415aa262be8dc2040625553e971

SHA256
78db436cdbdc41669e75233e72d9d067c3bc712dd3816e92ebcbc083c740b617

SHA512
794d11556590b2fdd4ec483c963201022c47ef85c0fef9ccc1284e04becff3ac27b471ad50a6117d182538c022dcb057259f5a201c8b55da0372c9f174fd2da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1ac7ee470b7f75e03ae561678155f644

SHA1
e60b2d09997aabe9ee57bc77ff6887f237e066a5

SHA256
20a33d0fe68af34e336b89456e085c5cb70309177e98b61b6eebd6a046cf3a92

SHA512
c960cf20c9dadfcc8ddbab8ec058146e71d75d4874cc807617e98c7264f51359709de5fe4c8f1856f6677c44fdb01b87aa3264a641d9e39a0d16c1d898c46df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
421232a7859fa29230d97d1768f1246d

SHA1
dea0e6d3db97ccd3be0e82e15cd5e7642ca13412

SHA256
6b537b87af55d7228f1d057bfbe4e41bb925635c2d93bfd1e83fb1e6770f71be

SHA512
7cde7740c93d41fbec4bbcd2b95249082e36043ae08b2d2401502f1bcdc8f2d28899d8db8f0bd6bad00b6690d1b2d54a16ffc53cb3305221109c70e6860cbd31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal

Filesize
8KB

MD5
be33369911ea4737291dc39d34edcd63

SHA1
a1abe3dee5245f3459ce14849d938d48b91bbaac

SHA256
42b38a026ad882f1dcef785babf3368f8999754f1dcdad58b3d529db20bce087

SHA512
f35478be2a8a96c0e11dfbab01e1df9c84a0c855b713db587ccf8b381195fadc06e2a74133db521c4e71832527f0744cfdf6d8c85f1d97102f9965b9b47b7c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bf483b75636f56e2d6ad647780f619a7

SHA1
6bad284d72d3797819e3e86686522f154ab8f302

SHA256
e791edd2435210f5479ee8818c22a41b8006ff3c03b7b7c8fbc1714da40ab545

SHA512
ce974df079a2b1778854bcc615567073a294fa26b31c51a900b064e71c0566fd18543e6c59e3abcf242a8536c207cce6a27bdf8814be16bd9c400e44dfd76c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
24edd873083db95f2e5fdd6781b21d57

SHA1
6377d3fe3c9537f77d080dc5ef1183e7debf9b6e

SHA256
9ed9a72cc79c10a4ac039485983871b1a289c410891e78cac67d517299ec7139

SHA512
f87e1edd7aab803d5cdc562d4779b7b78933bb7558872580eaeebdcd3478a87a8e0db9d0def46aa016ecb70da5e7ed2c1068a69437096755e8ee88e3f155a8ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13317851016078200

Filesize
1KB

MD5
617ad2cf93821d307027db57770d0d9c

SHA1
411db0078dee0b7c047fe0989b0ee0cf52f0a013

SHA256
f7b480a2aa75b040c8c73cc8d85daf56831a9adc7cfcdce868b828803f575fa9

SHA512
b5577ed610ffc78e5842c64b4ba666e0feea7dad04332162377226da40e85f718dfe0fa536ae9e2e6b5a07eb9be2c4a1fbc50ed0237d28be459f90c1ce9e3a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
dac854928a2ffcbd707390f5c0c5a932

SHA1
79e9c38c9d462f8c9338027a0b2236dcea26a8b6

SHA256
888205b307c76b806857252b5c4c6af37487d1d1b494c4e9965100d0f44adbf2

SHA512
dff6a1450cb62a41427d88a01209689dfe757fdf367d6c1fcace3ce8b27d51f811ec14c23deda293e0a825103dbb9ef8aa191f09fdb8ebc220d34697440b7d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
b20219922891738053af25a8fdc4af61

SHA1
23a7cf4d4ff3ea57d522bdbd5a4ffe2a197027ef

SHA256
322d1c735e1e7b01a85a0843be51805f75017deb086d9584f4b047169601da0c

SHA512
b6d2e80daeea27df1305d035a79a0bd4486d9a0af260712d059b062a1e72fe4554cd3aadad1adde4e2ca4af92ac4ca6ba49e001e21ea640d0e1bfeeea9816fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
5b779798ed2242ad54010bc70a561427

SHA1
ccb34e2b3958941669c40c44577adf05efb9afea

SHA256
b070bf8a5c9eaf8ad472f30e7d672d5595c54797b7b5013476dd9f2f4832f30a

SHA512
81bbf6648283cae9a397ba593a32dc85b6edb77a798ce9f2b2028c7db480bab80c8d2ec34115a82c3a018ca7a698ea696d44676f02131901bee8393e45402836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity

Filesize
362B

MD5
cbf5aeb956dae635a1ca2bca0aa75a51

SHA1
f2dc0e7f8a2abdd1bcb15ab8af82bc4c1ad20404

SHA256
c77bb2cac12808f9a1547ea5ab67ba117a03af5a3245d281f144bb054563bd6e

SHA512
d60480c8d01d5246107ce6ff3a34d5122b30b40f8571cbe377763eb9a9f3897ea71d9d784ac94596fbcc54908435a55f414a327f030f3564aa2aebdbcb946e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
6c1ca9533de225d48b8e8a07b2e34307

SHA1
f6c1429634abd4185f17b178cfb7a1834e02ea72

SHA256
22e9664152239b3efd4e915b2d15ea5a5bb71aa2977f5d28dd97e8d70cc178a4

SHA512
1a01d2afa5dc2ccfc0ceaf7ec9f9824cfeb054b0ab97c96abc7588e0887e1e55ecc8359766c32ba14c99d1ce8d1de2167b5a026e92034ca6d9c9234b75f932f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
723763f49c1b451675a94da63e6ca5d0

SHA1
846ea65b5909b49898560f697cc317df52aae07b

SHA256
5a0e2af467ad9c2734140e5dfc0f1a0c9fa5cf935411065a296f14104476cf18

SHA512
d8fb981b7a52a2545caef59182290354de19a79188b119df1c79a0ea48a3ee309083f5690f6b68f2213d3214d76c5ec6a85e71a502a4660047a2a0357a726d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
6B

MD5
16fe32bdc6965506dc26754bf9baf694

SHA1
a8e12e3ae69b18b59b0e544319be78760e3ffd40

SHA256
abec1bbd2f4378ef4066fb904c3b75114c4f4440267f7c8b7cedf329497a3e37

SHA512
c7c0643579365b49a5f0f278c3fd95f3a7f23686cbbce3aea9380916220969d7c3d99e77c18bec6eae11862d8ee62972c22e951efcda1bfa769e53cfcd36238d

Download Submit