hxxps://bagat24[.]de/content[.]php

Analysis

max time kernel
258s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2023, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bagat24.de/content.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133241546631145956"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2092	2024	chrome.exe	85
PID 2024 wrote to memory of 2092	2024	chrome.exe	85
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 480	2024	chrome.exe	86
PID 2024 wrote to memory of 2624	2024	chrome.exe	87
PID 2024 wrote to memory of 2624	2024	chrome.exe	87
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88
PID 2024 wrote to memory of 264	2024	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bagat24.de/content.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2e629758,0x7ffc2e629768,0x7ffc2e629778
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:2
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5052 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5360 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4636 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5164 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2332 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1644 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5672 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5172 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3236 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5736 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5256 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5712 --field-trial-handle=1812,i,6153103774778674462,14124437369615046915,131072 /prefetch:1
  2⤵
  PID:4152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
56KB

MD5
a851daf2a0836ab57e2bdd0b2e05372b

SHA1
fdbaf0baf17bfb6329091a2494ee672cf95019b6

SHA256
d63cf05303961e929801bf1363e3c518eb9f5fe8e3bba31dd3dad8e9f67cac75

SHA512
6e18cf7f8158d24cbc1fece5ac7be1c7ae97d75723ebbe35b89a966803e08f08cf0c9f7eb7dc43a2ba352345aa0271c25181d8edd2305b3a95a8f763bfe75bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
30KB

MD5
269550530cc127b6aa5a35925a7de6ce

SHA1
512c7d79033e3028a9be61b540cf1a6870c896f8

SHA256
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

SHA512
49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
47KB

MD5
bb63ccf86682c303b68517275d1c3e86

SHA1
6aaa2bee8214b4023aa9810bce9fe2d90f83b60c

SHA256
60742a0c311063081c84e4fcab6c5dbbf724a60d87315e91acbb64e4e9a9ed99

SHA512
6d0adc3157dd98c8baa1bd145e2546b34d5efa5a48622c9a30406725502d10530132f6ca86815ae2febe69e89f39cea8fd5b3be51fa2c712ff935dddc77d2624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
18KB

MD5
32beb68a374e3aeac00abdf9e12b84ea

SHA1
b5d18aa625e8696dd9d07cd0869337717b211ae0

SHA256
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

SHA512
8fc41038b4dc2fc2465422fb3144b71c2acd2f4552607369314fec9b7f561b7a3919cdc4219df2089395241168ffbfe29e67ddda834e66c27e4c88066c8f4496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
116KB

MD5
89be28d046d7a2677fe99bd6a94ea2ee

SHA1
37f504e12966ef2fbfca709916e04e24ca18d00a

SHA256
bd73a53103aab8f59caf1c76b7fa3f8ea1e7dfd62c753c09c744feeb588e1a77

SHA512
c7c4ab4b253cd41ac5d9d6b8b88b82f584848bd6744e0445adbbfc9c48b068c77be1bfba32dd8a7ad4c3fa5e609d4c204a5522bc73bfbdb76667ab6756b06d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
48KB

MD5
1300547bdd24747a1050f3bcf61ed6bd

SHA1
bca14bfd2016dacf5b54edaf1d51835ba00c8420

SHA256
2c02b0fea6efd77d65b682a58b6e9bd462c5f74da83157020b98e5f4eca38103

SHA512
3c17d58af72153f5c1646f999f2e678ebd377ca277b21dbf30bd8693e99634cae78eeed124917c3dce64a64bd20123af86c2e5c90832d5aad6c59a3b5b2cb4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\044421b525d313cd_0

Filesize
310B

MD5
256897293c0dced8030e179949bf20fc

SHA1
63dc6be9f1b5ff5bf9ebb516aed88981718f7197

SHA256
38f02197d0bd8f9e37725304b8e9834db4583ebabf7e3591ec03d847dff5bdba

SHA512
f482b08fad65a81f6190d0c7bdbbff9b93252e2d1713e9e4c2c7b79746a6d6b759a8d10e8a8f7dce4e0a281f76b4ac52bbafd66ee5771aad6285d383cb1d41c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0688e13aa2b8eea7_0

Filesize
292B

MD5
234fefd1e53361fe7c50cf893d2830fb

SHA1
2658114c7edbd6f6a080270c6fc0df06bd713d19

SHA256
5f2a6348b2cc6be1d610e95767508ee6f46b23a8d1e6814607809a1f09d4148f

SHA512
9a91e7a44b5f0a94df7a61e07fa93e8c6df1549a36936e29d1219ed4977438eeac5005230dfe9c8b1ee48c1bb66c69077dda22d7792281b50c974efa1202326b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\12bf8d54816c1873_0

Filesize
32KB

MD5
40823be314af77307bf44b6c8f7d2cb8

SHA1
86e0240303767ba5c30a94a0d22c56248c9dfc06

SHA256
2d712a87ef5221658d062c92820dacf8a2157da01cfd792414018a8888aa8bb8

SHA512
88aaf056d446be885659b225f805e1e3ee0333a5a800103ff8d39fbaf2eff02ff412853f736f1e1a2b8b6c5510a1210584ae679eb662a2e3f9a9dd61f84ba29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a64b6fad2e63e2c_0

Filesize
2KB

MD5
e4743eb07aa833575104826981299196

SHA1
1b4fe344be4b95ad67e8ee0f56fbfad82cbcd2e6

SHA256
408b54f40ec4c63ddb7039d8376671c2fab1f7da0846f82dce057d2e7ff6e1ea

SHA512
6e1eac13389a84431b502c003fc39d97ab3b548989cf56858263198a8e264b24fdab54085ff2497fa1bc56b56bbbe2b94c5dcdb24f6447e1be5874df1e742659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c85c401cf6675d0_0

Filesize
29KB

MD5
671680f84deefa8d812e9b268bb06d25

SHA1
a12f19576b0c48b10936636d4fc36210aac0ad67

SHA256
83623850749d9af75f9423e1e8876ca92a148a52c8f03f56b917e772e7e33bd1

SHA512
e3679022ddd2676a3d34c169a518712480ff67bbae930b3ddca66c463088a2f95364062c732c6eb36ef1966a2b001eb8979e4f0c4cc4f37721748857bd110207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7d1ed33da09344a2_0

Filesize
297B

MD5
c407d78fe89934957d21eedc442278b7

SHA1
9252b16a0f2e34fd2ca473a401493a16e066c277

SHA256
1c7e7fcdc156e27647257930dc289084cd1d372195553a9363478c51e4d9072c

SHA512
676d426792f3b56aaabeee1f8ddedd78d0da21226015344ef3b2a9fabeb02b6f63fdc9281f6f10aa1f03b40ff62ed78922091533a18ab62781dc2e2c133f0087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6ecbec5aff2208e_0

Filesize
46KB

MD5
322f91432d99ff01ef59134a42656bbc

SHA1
a465313910ed8470ce83cd4e292c0278d0248342

SHA256
d6eff0417595396e29fcda1334622a9a252bf28b649b47fa501a451b6221e3be

SHA512
c00e6d5b6f411e78ae1bb40ddb55adf40765dc197f78286f4a5c421b32c8511ef0b5c32a0410352dc16dec70f99249d1ec3665b08eace5cdf7944c0e9938e119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bf99e64430288980_0

Filesize
3KB

MD5
d15ba8616c72a8a7717c6312ec9205a7

SHA1
c1462fd759ffc038f65f5ff3bbf87f7c6a25700a

SHA256
b885cc9dc05a1cdafb1afcdc3bf1fd93944cfe6f3977b69bb4c8ee1fc9eb57ae

SHA512
aca111c41e2dfc248597bd1d4653e9fc21e6f2760a4ff27c2f5551fe13d74ac4ab7c96bb29ce71858d104076733ba6bf7cb45febee0980d9b45db9fcfb6b7198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c41a4fd70eb66b91_0

Filesize
281KB

MD5
c2f3a8df65f03f4961e4a23738f2b510

SHA1
1fdfb32100b953ce8170609fcf9c43b07a954973

SHA256
e572ee4fa7be26b987af19fbd209084283580e979a76da4032f810f17a2c7127

SHA512
94a294502820f07754dce2488ce73ba2b1e1cb0b35b870a95fe2321a73f09f3d5c3ba050391d8f879d84993e0080834090a90de7318a36773a7780b3fff2d476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d6958924975f9124_0

Filesize
293B

MD5
5e70956b8038827c76ad2f083782cffa

SHA1
738a04b186c32778995077d283a651abc461fa60

SHA256
2a78d8462ce56eab116136e689d8f25acf991c4d511cea81ea3eefe43df040a1

SHA512
dd6321a24f01e57edfa25a15d9474df8ae61f269b13e67f3ec2082a5538af323d08100bad55d04a9524ab52240a891d84a0dc055a91f0605c886bc384a2301f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dd0cb5a991b2c7e7_0

Filesize
321B

MD5
466903712f2f3e574d52e0d3b3cec295

SHA1
fae12e667f2dcf1cc11c72f740ba7f4bf6ecd661

SHA256
36027a6dcff44b68bba116731b912f90e256e29eb50dc9cfcc263392d1959a34

SHA512
5ff1696d7f92c396d74eea2fe22ae4ae65a8276bccab1f2c96170f385c8589f589aa2d1799026a7eeac90d103b4b8c745aac81728d2ea305187d717e31aa1d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dfed8943e9dbced4_0

Filesize
37KB

MD5
c2276a5a80e4822f2a5d390711b60bd3

SHA1
42898f2a12ade6182320c5283f397671ca7e1232

SHA256
f1c17bb9cbd114209d7bb759bf32df3ee44d79d97cfcbf321bbef7ff1df86883

SHA512
b22f3611b9c2d6a4a05a9e5994a8ed54e940f6af333a1d21c9690560df5ff2027876779ffef9c5c069524eb0a87104ae0ac6beb1983406ed5d7de9fda3a0cf08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
c72680f866c3d875e1ad97715542a8fd

SHA1
e60af7516c81eb63fd7e94903b10582fe22e3f59

SHA256
692a09d0e4074e867d7b095ce3269ac4559cefd678333cc46c573b8666deb981

SHA512
de2ac94806768554482f8de959c7bf3d1d2d6e0bc82d2e231b9bf859c5482a88b51fcfcbbd1cb8ae4092dd4fcb740f2eb718097576168a0f24345ee904f0d994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
22f96dc44f052e5cdceadfa2796e86fc

SHA1
46713762c8fb2cdea012d9274de608f48cc4e9d7

SHA256
c6709300ecf6956548afde1f1df5f101f3948f10dd5495fa8ab250bad252be5b

SHA512
b443679f890b83d69412fea75c9e318658678bdcc780aa52ea08769a920eb879838010c928e234168aedea9c64536fe4c72cb17ef42c44b1e9de9757c4e836d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0ff719ffe06360f4d25c0265f17f8c1a

SHA1
a078ab255fc4e0582406e1999d47f719c458fc85

SHA256
ffe00ed2fd16c09f4d6aa81b5d4d4062c334afca71a1d9f5bfdd25c20108c04c

SHA512
5260fe42f61db0f72e3f423c2a13f1b461980b75bc45f4f0e3d74993a30901da282d4aa0950dae132bf55e965454795c68a50d2dbc586b1c65dd3b1fc917074d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
82f1f5682b8eb1e97d0b763be0bc24f7

SHA1
e585942fb5f0c99cb0d2d36faae43d4118df9cb9

SHA256
93e46a4431592b7fe63a44603ac1916c5e168bb9fd60001fa427e90242280d5c

SHA512
021849f0b821a26dabcf48d41837faed3b83cdac2ec75b9389b4d97dd81706c9c0fc4779794a0994fc3bfda709f144a9a1bfe82264f6a825b571d1e0ca46f5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a9a56125f18ac435a3632e3a0de015b8

SHA1
0b99ad436cc01726135d37e77b8b2552cad0dfaf

SHA256
475f5cec84a19a16fda273018d0c7259f4b6b891a81952448cdd60b226fb00a4

SHA512
f531939fefbb24e9fdcfcdea117820dd7872be169a0b2ddaaee77106f3726f7d5853db13d9e0b13cbf3f34e45d5f08fc384b2cffab408a0ee6ae2489fc66c9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
84f0e617f6dd84eeb6c650a1ccc38771

SHA1
648e78def2b4b9dc660c32d670525a82a17d37a1

SHA256
aa9bd3c11bc0e7601ded647610acad07974780e81e481c60446693444bcf190d

SHA512
7ffc4e16c16e8a4d485c51ed5584d5effab7b50bf22801e7265541d1522d96a66f0fa3a4bfa49b573762a23e7a6a8cae8649113d19aded524fcc3e66be871b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4bdd4981ecdf3f0c475922af177bbf2c

SHA1
1e9579c3deafca0dadb14bfc13680c8906b0cb93

SHA256
5a7f7751a328d636fbd5a161ac40f3ccb9216a78be9c91f73842759fca0add10

SHA512
f7c0b30de9de399c2f943bc17fcbb21f9597c9fe631ebc07793d12b185b471a07c6e530d9b5068db14e786a785d4e94cb538ee526b50834e150cda3df74f7570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a92edc53530c468df7838712fe6477b7

SHA1
01e81e90fd85e05447e32d78341ef850a72274c3

SHA256
7c1a796659a73aca8f208c4cc79078312874ea7c869c7347767f435a973c51ba

SHA512
6f77cde95f2c3647d745561931374723a45fa1fc39024be2ca03cb7cbb9323a8bd8abd5e0fc69843452d025388ab7a6a223e21e1692a6ef117966d4092fc678c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2ea5e8ff27346fe3e22fdb572a69073

SHA1
9647b59fd145c89f832d2782d7fb0f8980e353a6

SHA256
003f8bd9f0b427b25f79762119345d5718b84ac6a44c118bd10e5a0114985510

SHA512
e018bbba7fddaf725e635b9b7852be8d5ae909a594ff11d857299da7512d80f971682b4a510a293f9ea90bc936be5c9bdcba733c3d60786acf7c965e54997ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b49bbca1ac5cc1da508df2e1f8a087f2

SHA1
c4d6988ddbe6b075436c6b49f4b2b044e6f90c5d

SHA256
f705440e4e3c5be81fd8eefa841535164fbede8fb8b18a1cd731513f0f0ee591

SHA512
d165af32837409811007041e7d268462e7dd5192715832d0813fc29bcaae867c7a79bba6542be269dcc53855cca00c9e8f26078e804380232d47c5da0cb0eada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
67c36be6779604bcf868172dd0da2cb3

SHA1
2a3472ac070dcf0de55fbe9ce9a155e0053dd7e5

SHA256
b9a43ccfbf3d1e5e321480ed612a2191b8a4240b4ad221a0ee62f9526bd7d44c

SHA512
b63e26ab661d59623d38272f44536dbfac99bd861481db045e58e0187d9bea7cc05636745b8fc4a2ea103e41e13f4e966fa89b8da3ae45e0380f3b768a4595ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83ed1c8a1f44b72007e45166d840278c

SHA1
3bd300a62ae404c593f7d93f500c85631a279a9e

SHA256
6e94e03899acd0eaf1ad50d5b650333cf3ced2af9d4cf11b1ed6fccbabbc8bff

SHA512
319e1bbd4036550d896d5fd1e7222ed22ca09a2a1ba40de99f6167535035cca04e43c79422c467a70c744afe1e86d59283a415009de7aa969f9cf84893798906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
09019da407fb1356c84fa18cb147d590

SHA1
6c97e4fe02b30856e41fe2b1dd19a5d2743f9553

SHA256
e7b76e82a2c29811e4d5620c59d4bc8b42f736d5835cdbcebbc0156fb86d92ce

SHA512
9c7770f5569e917f4b2ff45572dbd09d4855902b6eec21b4189aa7be1ba53f8bde729615f54bd436b7d25980f1c26d3a9923f98c54a0334335931bcb08976f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a6e867a5a05a9ac502d595ba81f54d0f

SHA1
ef32b6db0d35346d86b14d33ce63821db1420121

SHA256
f5fd4bd6fcc1f28c48766aa599cfff8ae30fcbe5da4818a81ec2bcadce8c5152

SHA512
88ebad5714efe4a86ce45c14468292f79212544dc6df62478abd27a780f5b5d75087e4c074cd9ea20014093454dff5e2166e3da0fe5b2e786224852c362fb9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7fce6bde7631124a0e6a63bdaf7760ee

SHA1
ad2d105969061171954d5f12e653157e30cadc2c

SHA256
f94bc981903da58927f956723b83629cc8243cb901190d0fc2babc778de7226f

SHA512
b294de00a52106061ea940a6acb4f875b83d3c255851c4d03f0e4c03198614b1b79b5fddd5cbb7b715aeafb43d9dd15ea87ed06a4d629c1f263a10f17befe182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
8947773c4e671bc0deafb83290a29368

SHA1
9004058e39276a8b7bce48db12a4eb244d886eef

SHA256
41eeb4b6ecd3afa0a731bbb49a79271cdd91a3fff37fe2e17b89f5ceca7cfc8f

SHA512
442c1aa4dd18002f28c03965852737abb0e03e5f21b77d27ebd6ca56661afc107774a399f5f3e976e0d67cd8c7dc53cc4c3f65af9e08557e4f993fd9c0ecd591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
cabad888fb9ef593f811f4fa825586da

SHA1
99edd09bcf0776683adadf75c9ed83c8eb45dc16

SHA256
2daf702358312f8c8b4698a7886bf9ff10e4726b0f9949031836f9fa38f504eb

SHA512
c897dde4b297b5a2c6864e42243514a72254d26e1ecc7972c299122093bcbd8ef9fa9d6113bdde51bffc4b889abcdc9d0509273057bef7dcb320614b5e2963f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579182.TMP

Filesize
100KB

MD5
cfbfb6f9c5daa2ce51e62fbc65717329

SHA1
4bd2d39e69dd239de9792a8dda4627d8941b3baa

SHA256
9226c356fa78d7f5b8e01b1f2d027d457b2001920f66706251cd11701e219fb5

SHA512
e24da3d123958744df3d1549a842eb253dd55e171915a9b81099bbcc1eba16536f626f2e85fbe801f46624154621383425d958b5c9fca1cf3d38542811bd2fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit