hxxp://172[.]66[.]43[.]175

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://172.66.43.175

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244390648370785"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{97D6019D-8B44-4326-B3F2-C97E7AE94590}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2192	2296	chrome.exe	84
PID 2296 wrote to memory of 2192	2296	chrome.exe	84
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 2264	2296	chrome.exe	85
PID 2296 wrote to memory of 3244	2296	chrome.exe	86
PID 2296 wrote to memory of 3244	2296	chrome.exe	86
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87
PID 2296 wrote to memory of 2084	2296	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://172.66.43.175
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac5609758,0x7ffac5609768,0x7ffac5609778
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2824 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2800 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3260 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3296 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3280 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5328 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3240 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2700 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1812,i,12660595635752694593,16186128598898474991,131072 /prefetch:8
  2⤵
  PID:2396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bc9439473ca83a7f154a7367bc86f128

SHA1
9f9b863b37dc27124a7cdecf7fc96845951c1b59

SHA256
41d6754813d88da3bf63f907ec2c7f34076b282c4725ac9ce834d6bf97e6b84d

SHA512
0b8e5eea99b254853a3506bbb000ed3e8d49d93d358b5ed108c8be6d8db7c1f13823702de5f58490b280be4405c6e1db4edf156cb94d371bda031569c4a2baef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
31dbccf79422e3e89e1093c564c44687

SHA1
ecc838ac756a99805e9c00df3c35e038676de19c

SHA256
648b637b9a9006ee6dee240a6998ba25d71afc56929f6628c1bb44aa320d85a6

SHA512
18404e4f656d7acfd525dcd97d301066b081c228ac46f28699075d1ce97b650fba556eab43a58a9f4c0535f6c8e6a42ea6e8abe1bd06f9e3e1134c3e07639896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e61ba832143274fb2c84385663da19ee

SHA1
28896daa4e3b5c6766c7e5f114e6436a1e7d5ffe

SHA256
46b11cee66f15ba18c36d0e03e3c3f2eab46c40188b373eaaee678ba3beab56d

SHA512
d26fd88475831b7769ed1e8d7e7d720e1495560322f2f237ac66917bd9257b7a2bfdd121d70f8a1e6e4345bb774e3498aec16b8e8170002d2d1e89c9b4c1387f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c2dfd4cac73738df0986c85709b9d13d

SHA1
ae649ba4a4e6a89174b5bd72f623f508028420e6

SHA256
d4c0adafbf10a92c8ecb50a3f6cbbfd94770255ee4643fd03eb08e0ac65aca11

SHA512
b0276943b336b0430b3d33681b013d1bfd2a93d618bf5e9207dd273c6a2c9dc01918155d1a3595e6307532a6e21304df6b30dcba09cbde84d0a6b69a6cdf641f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
24de5701f157b2eee47388b9a2f5e8d9

SHA1
f6f8cc8c03c736428ba867a08d362a19ff37eb04

SHA256
4a80f3ba652f8e55adc6727fd498974142c3a9d0b23de5cb6bd8386e553c01a9

SHA512
b155bdff57464b4009f654fbd296f580beadf95f3436aeb8e681f743ca15474ed57c7e7986ec80006feab1b89ccd06ede737d3aa60067fb35797511e106060f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
da5c35f20c76b6b939b34e45641f984d

SHA1
4faba7f97cfaec8d27564351845bab9b14a71931

SHA256
7d330ac26bd2164151a1aa6e1232796155e44449c9b1d65eced0e71d6f38a9ed

SHA512
c7c690d571e72cd3cc2757189592c18f05f3b7ce754354663f43dfed81088e3d25ab212bd561c7e70109654aaa0e257088c3360f8e58c41cdcb146dc646e0e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
e4788b8f6584fe73c2b645b15fe4315c

SHA1
55e2fa2590593534637db0ba544e81e28893c63a

SHA256
2619936d2b334c8d37e211ac392d1637d2f480fdfc8f53d187b376672e5e4e68

SHA512
f4cfd5893a8fb5d5c8557cace72e0e8aa19427aa51fca89f8d6f79e1c2cfe99efc0d8e23e1179e6e7c108e31b00c1b7eda59b4c9e1f416e53d97947c85f66dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1079e32ebe36d2e34575bd87cbbfcf3b

SHA1
ea2475931d3fe196f20bb5d205ff831518f290c3

SHA256
baf603e5b9109822898f283fd4c75976e4b19d876f3dd411cd8b7208ab85872f

SHA512
b80de674d10f1e2958ced21c1dac920253599dba11a744be6923af673c01e89811150e780dbb8de7ba36edf016dac76eb2e95e6b76c9fca9966d8d8d351d07d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8e151566be897d8d332ad8364c8d989e

SHA1
4af7cea21822e36b828f1be0db77a79213dda63f

SHA256
8d93cac710f7a3c71e48f6002ba3dc0d53113e4ee0f01b7903db87ff11474dd0

SHA512
f22e3359fe5030a4885d85e31f618e2d8eeac36bdf409facc2aa842d096e1c00f94712b7bad03fcca5fd87884e0461399bbbcd0a1234c5233ceaefc98a45277e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7726cc804b2f6213e059caa4211df1f0

SHA1
ee6c1a806e8169ea661e7884cc11abf212b2a5bf

SHA256
8b0d3b8f1dbd2ad206d663f2ab67405624c5ceb68dec073d99498cef1dee4a0a

SHA512
78d64add315f1e973f07f84f1d5ba7a91c5ac6712d017edf3b920d610a368f0836739e1728d0114ba8925d8780b8fbc2a13293f49681c7f169906e3aa81a9255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e6421c6b1855845c940c688be59009b

SHA1
1c7fb29003821943f001795e3588cde45498e4f4

SHA256
8168d9a7e44243b946edcc16db11db927cd846e0ea99b31ddb3f8666db6db193

SHA512
082d8b8e72e9285a6a25e84c36ab4660978acffbdf754263a6932546867cef7bdfdee25b562cc26aafc7d3850013afee005087117cc3c8cdffd6d0212e65b796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1576c5d830a0a86b8afad266c42ddd11

SHA1
b0b02ac63af3f2cf0b027e67f873dff149ded02d

SHA256
ddfea7fd74a9ca804a8f98535cd1839a9a8091cb1f32c6f053bec88c37121392

SHA512
48a9424ebe6eac3ab042edac127ec215421fbe980b601c9ca8d8d43b7d2f04d53a7d6a50410904d9e77207fff579a18b7721bd82b48a353ba96d818954afc16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d0255e8656c97605cffaa5acbdf6ed8

SHA1
e5d832afdbb2cb3a90e00093324ccd2a32ebd84b

SHA256
c7649e8781ad1af2d020c4ba53d50b3d17503091fdb67584ba3db8b143a4b38a

SHA512
504fc18c69242463bef1f1b958073f92c45401a16b630a4775cc2eafbacd6724da962a34abfee25e60c04f7bbea6a415cece5d05fbce697f75d69518218e6898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1c153eb4cf1f76bc656ca4399611e825

SHA1
d92d9d3dfa335c9c6e8a86a4302226f82cf1766d

SHA256
1b44c9cc9b161f5e0d1988e54e9b5bd4cdf732ae855b7765936862fd9ec98bfe

SHA512
b453f81389c9cf1c0c343a1b4d48227da8f2c619ac1863c2062a38c8de6fe8bbad2488564f7395c35649905e302aa38f40f0dbbc1a1347c2e1e4574aa7edfca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
91e66668ddbe2063064f5c77f292e9fd

SHA1
a176699f1b8888b8eaf704c04e5bdee0c9a99d79

SHA256
dc46496ef0ee9f5b10d78e007670391ba19da0f8f227f0443bbb4aee5fc0ba37

SHA512
35a4effcb1acf742279cf53bd8895b2c4c56f15c7c957d2fa9c95649dd671a351ea5f6a1f1759091c9654851b2424886e367f51bb3e9547285f4a687dcbeabd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b248.TMP

Filesize
120B

MD5
97faa8d61fd564b2fef89a5d87b875a4

SHA1
ab4df08e2b8f068e2fe1dc6e86235e89773d6de1

SHA256
79af4e1fae17971d8786825cb48ead54e6e41fe0ed2f49d7fba5718999dd6a12

SHA512
3b3f0ffd9c3cd9aefb4f4a2111969736110400b09bcc3a0fbc559e1de1f3613c39e7fa5b40fa5ec56373d80c8152f8b4a20afbea5cf112ccc6ffb27b1797a28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
09df5339ef8729af8860237d81fee588

SHA1
eb0e6be691cc8f36e573a93242559141f1f7b38c

SHA256
f8137764527baa12083b9b39185f55b10b0b801a1456bb0816a148fc9ba86049

SHA512
1632dc66ebb6ce04d9ba11b21a044d8a414aa2de5c14bf4a72b9a678e52ff7a223d0516ca54b4a6f5fd7d7a5e1d597256f081c5b3cb4ae07e69f61dfe07e78e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
21506213bc275944f3765e24a106d629

SHA1
5566e7b226f02b6f31f3a1abab211637ddac58bc

SHA256
8f97f0164ef635709c73507ed4367e86afd3643f677542c2e3dbd5cd4621c4f5

SHA512
a818257e5667f1c80886c8e57d6b8818a675536d3ba1f84e2a2e49cca20ecd27a977fc76dd61f22da0f08bf48998f3dbc53cb337f098db5d5aa7d0b6cc391ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
49af8e239774e82f85b41729f44cb665

SHA1
53097d10ae3ca44046adcfeaad34c53e0e49132a

SHA256
25c9d66680eb102e4561e25d32a73b8d04ca521e3c87af58bacca2e5acf11256

SHA512
8a422d234328ac20dcd2612036a0d28601b2e78443ef8a8de4b61a5d51ee85c5536ccbe02cf44d060628eadb5667239256c910361c2f4ddc7e404ed7f9c9ad24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574508.TMP

Filesize
96KB

MD5
615786cedd08237b770ef521bfa2fd95

SHA1
1eec31081028eeeb87e91fad7d6656175279c42e

SHA256
60c20bc0d110762594f7951eaef08aa9b6190538abc6d1d9828a491fd82d29e1

SHA512
a8f0c0908132974020bcc68b12ff426643a5f7c9ce70ad9f851c8ed00834bf743d29c43c628679e3e5cc62ae46820afb3f057d2a7c650c5155a9ac6591dd51b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit