hxxp://google[.]com

Analysis

max time kernel
1199s
max time network
1089s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294843742572776"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 1816	4908	chrome.exe	83
PID 4908 wrote to memory of 1816	4908	chrome.exe	83
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 4432	4908	chrome.exe	85
PID 4908 wrote to memory of 2788	4908	chrome.exe	86
PID 4908 wrote to memory of 2788	4908	chrome.exe	86
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87
PID 4908 wrote to memory of 5024	4908	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffd340c9758,0x7ffd340c9768,0x7ffd340c9778
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1780 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4864 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3520 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3160 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5048 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1812,i,13750892603344201769,9850248103435473379,131072 /prefetch:8
  2⤵
  PID:4676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
76KB

MD5
fa407265f22721ee26102992bfdff5c8

SHA1
dd7d4c22863744cd9d59abfe9f1743636476db92

SHA256
d9c036c59ee5744a30b3ce4125c273aff06d288e452b35971a565da1b5f13344

SHA512
90570c1ce47bb99aacd354d019114d13721beee661996698dfa86b7995877d4c2a4e7891e0c08f8d934831ca55e4ccddbd54a100e859092bf1549e6b17ca0144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
65KB

MD5
b073d577d7e4df41dfac73ee1d0270fa

SHA1
6204b9242f8df0124de9ae7b31cbebfc85201fca

SHA256
66fe4c2a21e0f0cc46184a7b679e1562f3a7cda9cd8a16a9a446b9fbfe18000f

SHA512
c397bc9f8f0c3dec9b38d07ca35473fa103c96e58c414fde3352dcb47db262a887443865bdf1ef36e6b8aee461775feb34ac1eb3deed736673cf13c5dc828a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
118KB

MD5
42f2d28bc118e32ac06f256e17cb0b09

SHA1
dc575b8d825a51acd2e58950861db18824c13f7b

SHA256
1299d6ddb37abd7ab7af528411f889ce30df7822340aec9265e6a6fe210d5e33

SHA512
afca64520577fd86514ba7de9c46c9fea3fa9f778ab5c48f0f5ac2808535111ca16f18924a122dba8eaba389b2ac50eff584f1de7b268377eea2f068f23ad327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
67KB

MD5
a68aef6256ba7450b84ac3dc975dfd65

SHA1
faa54ca9d9169de184533393bd7e58a415467717

SHA256
3740f373fb0d5f5a9bbece5e9a0f3479daa4f4bc450eb4c203a1be18867a257b

SHA512
c247a36cb86fbf2ca17ca65526160d3fa5482e7c0c059dde262fa7329118c6661def2bfa7371b900d2f8393ac246bfef2da8fc9cec0a481c4e23074715cdd9c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
020571683c8400fdf20a14bd05bf7628

SHA1
69541cfae3e9d6ce27bb78bdc65a1f5a56d69f6f

SHA256
5b9f9fb4d4844ea67881e3a0238ddc4a054a3685a7cb39c249e527aae1833839

SHA512
2b2f3ac7645901da79973714922b28bcdfacd6d8eedc87cd60208617c1147a28a805539ca0ff6d896e62ba1ae4a5b6395fb5dac83f619848d6304d35679f9302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
00032f9dbbe4e1232a7882bf77728022

SHA1
b193c19d0939b3690a010212f902c3d86537b774

SHA256
393b5981c73527b4b0f52b415cff111e427f8d7dc3db7d36d8ae8d6392fd9507

SHA512
286bbf6f61cffe4cc10cd2c31159315a30c5c3c499008c82cd64ac3e4a03720417591d0a0cc6bb84d6c27cdd3b97cc1e39229d27cb9d85125fd3e49a60454a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3f2954e774848c8fb6b8fd1590e85f59

SHA1
3f41d1728c756520b30117ad713a82fb9f450ba6

SHA256
ad92ac1477414277a209fe8404d01b2e7332ff3b362759b5cc94e5d11f0c73d2

SHA512
528e8e68a527f6f9b6c84e2155652f41d0fb338ac5755e819ada48349dd83c6907732541efa6696cfa23b9baf292a4a8c988b1c823a4f84bbaa41f0a833b81b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
43d0719529c710459a11706a6ca6c0e7

SHA1
491ea0c94a1ef46f84d9c9e72870b49f53bec5b0

SHA256
4092b6868527e42f3dc36286b62ab0ff9a309c9c6d2fb578e7711396effd1450

SHA512
de4ebdb2588086e3f1ca760407e5163c7681d19d0fede7bd356d01ab6aed3d9130654da1914d934dbf17d94654e79c726f8109375d0fcbcd05b37bbca8aa1fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fecf1303a322922293d4862523e6e6b4

SHA1
73c23389c52fe021926f46c2593cfe5685067a64

SHA256
3ddfc59b97b2e49ec3fd3cf0ad5211533a5ae09da0c7208dc79388de53ba7a77

SHA512
5254551a3ee902dfd35a0d2293d6e73de7a3941106d74c51796bd50761d63ff180e3d174e044d76ae4e4eac5d2451e03fc48f3e2733e9661e46e991ab0da65ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dc2190d9a814eed56fef07832289ec39

SHA1
c149c0b98078033df0035572f2785953b523186e

SHA256
bef39e55043fe88af60a28ec86878b28d4c8ec6b0a1e74e08c54582bb45dee66

SHA512
1e05d6abfb0f27070ed7eac9dc8925eb47194e17920d3d6c4632aadd5d5fd43edcb9d41c670789013e6fb034b1b72ba195cffb559612e4752b76c1878778666c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
643f2513e2e977e4e92ff8c7da290e83

SHA1
053e362564a72da11093b65755acff9be53c7515

SHA256
1d49645a1b2f84e9b901cb6e667669ba1aae6bea17cd08d91e48838de6ef2c39

SHA512
b5d255278b943d180899185a1272aac3a6739ab57ce4da942396643337e89a404e93516198c92acc9eb9e583489bba92258eee5fab3c8f7ed4d8598700463ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
632dbba77c27d118c16340064966e8bb

SHA1
871a8ab72799c460942d890bf82914c0f2947d62

SHA256
8033f96a50d82a7d4ee5c847990b5886c28f7acc132915088388f09554b61a10

SHA512
f78086181f91d74ba33e9a0e2da345ab534da047d3ed10dadafa29a07a99ff56bab212a545da8514954745fa01f69e10fb8fa5a174f45e9a7305a41f6f8deca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
bb34196fa4b214cb96bbfc51c39c3ef6

SHA1
feb0055d02c776ad93ff71991107c4dc0af91217

SHA256
4813ed97a0f3e7b9a1324e6a522da4196ab261d6225316d8486cd89af9998a27

SHA512
83b2826d10b879cd3c8c0aaa3d329c35de2222bf56f4351820adb84ff87f1e889afbc89784c231bd07f53c38e6194776ff268f8c73551f54188c2f241a18a438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b7afc0fd5a390cb04e835c7d71e17871

SHA1
195e9ec23b5c6d2c85db99892f41c22569245aa8

SHA256
da6c51e39204574539fab0e81639f35cbb0b2f57f35c7ad6dde1f2651275fb3c

SHA512
24c418714e926c3cd115cea9a3d0505c88e740f2f4bd6285db4294337a897ead260b353d1dfa8d57786393b60298ffd2bd33fa995894f204509a7b4e7cb0cfc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
878179280fc90cc74b66e3f898440b8f

SHA1
a69eb6aca19aab5f1dbe585acbed5dfc39d2ffae

SHA256
f964dee67d74c371256c85f50ff42f639025d1bab8ef40bde1b6bc2fdb2292fc

SHA512
5a0814377d0985413d628d166460619b09111fececde214505fccba7314d01787d01d2f25b124a7edad5eb5c3b40d5f063018cbfe4ea6506ce7f02b3a7383f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
35d66c3bfc32fe120358aa4568127035

SHA1
3896b55b93d11c7c4443db45ddf821207385d2ae

SHA256
088dd126329e4f1fde7fa21462c37521988fc803077078ba011e894e65e2cae6

SHA512
2d554f7b4e2783841a3fd84489264aef69f861e6088936102850834b8756a2e79ae94c106edae35449fc990130eb91d0658357d5e3f8f73e3c4b7db0c42c9af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4919044b2fa02c6848934eda310f4f12

SHA1
59a4f7e22079445fb6081380458c3893dc80069a

SHA256
4e98f91fffee1349aeb3729207d0be1d82a0d5f522450b1e3d003c2bfcba804d

SHA512
6de2c2cef5b598941f13df2e8ccec3c9a90629e8a5789c796adb67559da9fc03e1b6a14c02f671baee7720e722f64e71b9f99e83bebd1f41430f2893726dd453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
311d52e999a4d213120a4e944d528593

SHA1
5cfe153e5c869863f96b91b46b985eac9a635b0c

SHA256
8a13a25d5e2ff50991a7204c73ed61daef9625f902d2df78396d912a4e185b09

SHA512
499a5d6d5c82ba40b71a45717ef801ce7bc913640f55b6c3ca62eea90a32be846a161650d4aa083214a3b1027eaaad897ffc1fdee848f1cab30cbdc3960e53dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ccabcbb74cb831ce79cc3ec9c2641b3

SHA1
4948953b2bd899fc852e7caf9fa218317214fcd8

SHA256
30e6d1f6f545822a6d137b141ecb788c4549e0ad35d03719dabf071cb929c1fe

SHA512
e844058ab881f6b581e4c13028ed2c5846e3998c6a080f6d687ffe3a6492d28ffa49f3b40b195677aeb0be31700e04d708d61e1e9f586ab097fee06d217eeba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
875b1c933709acef10140373abea97ce

SHA1
aa9609fa419e9104b341569b7d462f41fb18397b

SHA256
4556ff4f7dfb6972834502d037138961c6ba3651e22dd59b328581920151ff85

SHA512
7b3423578f8e9e617d5aa4746f92884ee7c0bb09338ff3cda516583499216d7412521f408fe6525ce73ff6191670bc63351e360bdffb964c46f6fb1952332755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f7c927ecba681bb814ffe33c76322b5c

SHA1
6cb584104293b4471d3cf078912e4393f261f1ad

SHA256
1a250f80555a5ac8b239bd48a15d597dcfac3534e7da0e6524b4a4274037c748

SHA512
d47fc3be677b3412f56aadf582462e3ad35307319722716aaef7b0ebed37d97df43c4032a62ca598e861eb576bc950d544e90db42df4b787098f9923cf14d338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5b276f74f967c4084719c25b5cda8d5d

SHA1
d1943c6c74baf6bd3e60cf849c27660905889118

SHA256
e9313b5e97feb8cea27b98326edb985bcd7a8a617d11f98941e4d6ac9e4252f3

SHA512
30f1d87eb614d46591c1fc93c94d3643440fe00cae32d94500f92a7e39522c491b74b34054fe56e003a98e4332bd2697a660d2418b6bbb725852301004c6a5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5236e2d47f4794efe272eb33c419299b

SHA1
fc2734eb330f22f871253d716e6f0541b925fa7f

SHA256
906ab8317af5ab6531b61ab31cca4a1623e9a2c1912bdf7ad532ce09e9e04b09

SHA512
2a0bcd25eb43ea221335e96fd92d017c642edc5a3cc2c52e3637906e178afd1108bdc70f6b760a26e8905ffa8a5f7918a2fc9dc4c78ba35b70bea31e69c25bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65dfc6fcf5d80e907b33a0a807e75f72

SHA1
20015cc74dea82a445e6141efc3bd1ad14ab43c6

SHA256
89181a5d0646dc89589141764d0c3701b034eb8a55c394a69c5fdcd311fa1115

SHA512
3b846fc94a1408d4cf4fe35cc4ffc3cae915f960d6c8d089fdc9d0e0f81d40a45dfd1bfe92ed5b014cc2e39c16592f05c735bd82687f9bafde895833acba6164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c90499ee5e5c48571605996b79451c89

SHA1
06b921c8d52ed5b425894b568566319fc213100e

SHA256
ba250b03eaf5320dcca36fa15460560bd5204c909b70d26de671adc35a285370

SHA512
ea54975fb60a6257a7ebd30015889a5f401c02925024db9916c4962c465c4d4fca4f9634aa570b48f5f26bd890f99125f6d3c7510a14490005e52ca3793eae2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74cc462b84d19f625537424acc69da9e

SHA1
169d0601a780716dc705879f3ccca3b432715fff

SHA256
b82057e1605fb4f4225555c84e110f3210d8f2feccceeb9379f5adbdfed45c21

SHA512
98683b242a1eff99246cc16268e36a87ec42637eec3e98f2e892734b1e5eeb20551b0e0830ef103b789efde3c4afd7520b403f524bfc8f0f540f9b8af22b2f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7b0f8e84002acc038690ed8faeca5ab3

SHA1
fcd2b7346f1ed30035dd558640f00f3699983984

SHA256
63a2a8486746f4bdde0c213d554bda5ac385e42fee74b3e338f2550cc0f703fe

SHA512
1599d1736e96746273567f5f7a2ab3854a91ceb05f8a81e75436be11c6f68e12192fd0359db68c8896d31eebfb571d1a5a8bcebb4fc74b2530f246f37f9f8c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
c9faec04c43f2838551d5e7a693875a6

SHA1
a47d5754ecbc8c125f9857d20c01d4c6135d01d1

SHA256
1d5c99faf725d0951558da0f4562352b15c8472fe8d48440d1d87aa113659766

SHA512
cbf48705b21806b974b892b27223c5a34581005ba0093afde0aed10aecd6d8331c458364e76cf132fcd8d9f353c7b2635ff97241e802ad5ae59f90a0032c4f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
5e3a709d05df6b31bb314431e278f68f

SHA1
173102bca2c5afb1161dfa1259092e14916f5ddc

SHA256
d385c38ffd4bacc3631ec37d2f58a192e22cc47d48982c49d9cb82d66b1ccc82

SHA512
55627c445fc8c76dd441d5438aff60579b9fc7ae8372eebc179096c7aa15031300586a71e48ed88f54607af310ee83ec3fdea3bf7f99174e1c9457ad32a58e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
8e069dab3fd9424c5be515ee3eaaef22

SHA1
2cbeef5f3ba5a89d690f7934347a5c93720f0ecc

SHA256
2c6380873ac83261fc4b65e9616ec4bbeb78859b40a878caa3373bf7653e6f9d

SHA512
e7a5c0797ea635f66abe059180197d26ce55c02e3be4cc703f33795d8fc1cb847bf83258aecafa696b53e74d5cdbeef178b5b66f059201e5d79f3fedd0f3a3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
8cef2198bbaa322f8ee89bf49e989452

SHA1
b8eaacc3561dceb962b5ca4fca17c87f70c9a180

SHA256
c3c1c7cd8540968c7feb2ceec8a924e377e4ccdf882113e4e5e7b5df80d679cd

SHA512
dd02629c3e08c70a822b42613a77bde89208a60df2de3ab2ff1fcf7cd9e84be8e9cd634431562daad667b1639faf3987e8e85d5a9c9dbe959e52436b5e8a5e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe571cfe.TMP

Filesize
96KB

MD5
82501eb1444180a4f25922c2984452fe

SHA1
4af6904625e6edea8c3cb68cfc0ac160f10be994

SHA256
373c47f99559ad5cf4ee371c35395e6139ea87e078fc75a4ec97eaab4e4db3d9

SHA512
1ad4abc799b80f7519d3d0f55ea65d7fe4481d83bff98e294ba08c6d55c4d7869f06006f9670b8c759520a85439ed07874fafe7312916ff22e631c30140c3ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit