c8820f6834a21b156b19de71961670b43b4220413c92839e17dce70abf7916a4

Analysis

max time kernel
55s
max time network
151s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10-06-2023 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6126.html
Size

12KB
MD5

b2c16cb8c21e421a34f675751e2433c1
SHA1

315620ba0f7dca0cb3f187112791519573c7b113
SHA256

c8820f6834a21b156b19de71961670b43b4220413c92839e17dce70abf7916a4
SHA512

99ff6e9a8db9d1946bdd3961879c3777695b3eaa8e9da81a92f43344a8ae797763b62e2c0428f7f351e342c717f018bc6f4abf385db1688a3d26206f64038625
SSDEEP

384:n8ZZZME81uE1VhuY6wTn30NggQSuS/4IgdYfhFRTWdxFw3z5liS:n8ZZWE81uE1VhuY6Gn30NggQS0Igu5Fn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2012	1720	chrome.exe	28
PID 1720 wrote to memory of 2012	1720	chrome.exe	28
PID 1720 wrote to memory of 2012	1720	chrome.exe	28
PID 556 wrote to memory of 572	556	chrome.exe	30
PID 556 wrote to memory of 572	556	chrome.exe	30
PID 556 wrote to memory of 572	556	chrome.exe	30
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 2036	1720	chrome.exe	33
PID 1720 wrote to memory of 1372	1720	chrome.exe	32
PID 1720 wrote to memory of 1372	1720	chrome.exe	32
PID 1720 wrote to memory of 1372	1720	chrome.exe	32
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34
PID 1720 wrote to memory of 1988	1720	chrome.exe	34

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\6126.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2704 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:2
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4044 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4296 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4780 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1852 --field-trial-handle=1240,i,16327942103932262808,1548568576695351509,131072 /prefetch:1
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1332,i,9073923806813741312,6444794783429468625,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1332,i,9073923806813741312,6444794783429468625,131072 /prefetch:2
  2⤵
  PID:1256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c996f2f56eef91d37ff10317d853d603

SHA1
eca60382f29aa988db36105d279645b77cdc3c7b

SHA256
d65102c1faa5a94b0139356ec7d5276314a477dbf5e0204617f33923877251be

SHA512
397ca3cf4ef92f6874d9dc33650e73145a64ddc4c9d9021751c9376eed8b537e1c05e6467e9779d6455826aec6a415e54652e10c68856c8e37b9c74bda1db935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
141504bce81bbc48aa5766568bf7e27d

SHA1
de91ddf8f9c8b06242fea18e778328c963599266

SHA256
ef2b8978313ef03f0e4124959cd24e36813821e20a77b93f4c86886c028b953c

SHA512
42420229ae454b18d86a82a3678dda407a8f969a2c6fc864e534053822ebdec38191dbe5953066ea1e007b951c33dc5cad61697aa5dcb5ce5dcf1610915d60e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
49KB

MD5
6983568534e8cd4d346a2638a0892bf2

SHA1
2df1d616ae8f4989dbe9427848e5974b195e0a5a

SHA256
02043e5d2b23f9582ee2645e55ac26e556496bf25f15d146eda049af1f8553b6

SHA512
11a02ae3e51eea6768f8274178feae2da5398e6c5f62a5d34146ca7edbdd484ff85e59a2e1c61a8c0e1a1eda8af8f9fe9d5470cd357c2b424719b41eb7effce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
28845b8ae04d3a1063e9ccc903932b7f

SHA1
7bd9f1a96b166b678f736465899919034f46231b

SHA256
a11851eefccc1bd22c24a31f80b112a75fb721bf9af887bc8a8788c7023a9a85

SHA512
c23f1d6eb1171e0a4a362648f026ef638257c4cf59330d4548758926e2b8fafaa9d4ee1c156eeae6dc8aea8acf70013426a31a8e2839b0ee0a6118f2ff318342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RF6d7e64.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f4b646ef5d10491e407ab8e607b298ad

SHA1
2eefc4478d1ac30db28baa92f2eec9e184f943fa

SHA256
899248ce194a454536eda6725482635de47835a3303832c4ff409382d446fa47

SHA512
5deb0cca989e36b56bb716c013a815d61846e6faa01eb1cfd6f39002175a622db35c234c01b1d2b272bafc28f2dace715512151ef64bbe3f1d190acefd53be99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
321ef8836b175b0c2486d5de75bf1dad

SHA1
d70b52ba842126b16950d0761e148f17a03bf4e6

SHA256
be1b95aab46bdc832ab12fe88af7d2ce9c454862a6aefe83dbbeee16dd1ca46e

SHA512
515db9ca2907ab5f7fb6d55cf165bae8d12d94b1197ae5a3ae86cf42f007ef88d09daccca0437d6be58099235dfd09365bd34cad7abe9689d9deb375ec9002d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
544e44bfb6b41a9235b3b1fc5d7e5dac

SHA1
3b8e4e4509634b126aede8d1993a8fd6e1df952e

SHA256
a97a63501fa2808785a1a4e1b51ad9d7dca00765dea8c2d34a475b129b490d28

SHA512
cb37a70f00168aab9f32cf9e7ec0bd4179bf39c0b9b44d9a73636c2185fae9bcacd12ca783addadaadb567dbcef8a5b584307d1c035f12f13f2b845351414e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
d09e17bfbf24e880f14b9afe30644e4f

SHA1
8f5bfde3df3469bed819b894b5e75f91555b14f2

SHA256
df469f907cbe0c291f39afb99b3acc36edc41eee6117d2a5b9c708a71e67a8d8

SHA512
881cfa00cf448599d6bba0debc0d97c9559dad93d45fbf08fef7c953eac8723f7aaad195dce0aba4ebf69883a7294bda4e1526df556d6889d07ab648bbe05222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ecedea89efac6ab1cea0e3a89b36aec3

SHA1
e2ece584bd071d1252610d67285d1d6df81e8ca1

SHA256
6782f0e4bc2857e3b7a17522d09c89c0bf9772374689f0670f3f3f68e2928574

SHA512
e84e24154950d8cb1aaa99346a8c24e0efa7d1daf91e17708a3a90de9bbb9d2e6de112a19490b3e13fec026500e14c795160fec4dbd816edb55a575e825888ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
61652a34fc1b8523a81ca89162ab9680

SHA1
8f22d640bef694addb6e9b60d0d28238c8608e26

SHA256
5be0f8ca7fcea4425538a03594f913289aa86ab231ecd697a773ef14fc468f68

SHA512
a493e75f2425edcc9c681d2af1cef761ea1faa47df750725be44651c436fcc8de46ddbbe5dd0d07aacc797e0ecc0db5ad021f00c15d7e66b2dc91f8e7333b1a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d11ea296056a9153a045c431fbf3849

SHA1
a59f6887d6abd58097783460ee956ba42d1e576b

SHA256
7459df81203f62a96cb00456b646fceafbfb5354cd5591a0cc29f2c5e0ea65c8

SHA512
526db7415259a792af19b4b4f6bcce98ef3c8207e21fc07923af6b6d12e2b4a0a391fa4d7b439be9b865a64fd1d0272bdb908326ab3f6bfe98d7e8849a6b750c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79ae40dace8911cf12a56b784335289e

SHA1
76784b4150fd94ef0405b8452731215fb4dc0d57

SHA256
d7badf3e7f830484d97280fd1f04e1225bb4c84c6e70c14b15b1c0ce34fd8b5c

SHA512
b1230cc7d4f1e5f65f7e0fdf1f0f824e8f8d74a41f0f7d217a1802fadb08a4c1a95dbb5dc2aa1dca90c81c566f43db903d133720ebff660b1f657293121fe1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2de17cead2b9a639d5670b896db26422

SHA1
50b37b6677c888af416864e70b80b6ee1bcdce1d

SHA256
5abc20948371179247ef5196a48f3cb57e07611ed9eed96f4782aaea0f62c853

SHA512
5eada2f5e06405fe84a71d9d0c15fa5cd739a0300f66e4de752a28e8f5154db4173d597c9fea8a1ea08fde78d54e96f51f33334d322a46c7a834bfb9e50cae14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c5f0046473c3446feda5c7ba4d114aa4

SHA1
3a737e4429982caf40f318d38e376c82fd390af8

SHA256
9424885cd4ab354d9676f57a3400f15a6f67f01372f08293460e3c6ae66f4a79

SHA512
d951caafec1d1aabefad656362e04b3caeccce24de48cd55352bf421844b77afc71afbcfab30335e0e0d0821c7ddbcae79a50a72fd63e85278289b3a40cef98d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
78dc395cefe4905eca2d85455780fefe

SHA1
27297548339a1dcfdaed39a2b14e9e91d64b5663

SHA256
15a927ffa1b296192f5a0b40fc99d3f11e487ee30aa639d6822133349449471a

SHA512
36276b8dcd31d5ce06e082694c8560a8d33ef2d0ea8ea16c45fb545c1fa0f4483a0f43d5b285f0dfeac241c05480506ccf5ee01544e92e7ceb05bd856bd6220d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
ac15e4ea126f4887135e095d39523743

SHA1
780ee69f4d71c61e62e94ed978b8b4e33019eeba

SHA256
c8617fff4ea49d021760ea0d21abad73e2ace63c415b2f4dfeb3b4a07b651b32

SHA512
05d782d3b3e8a2b2cac82e067c792187aa44f69c7117b0add398942db0e11cddb137df1a3113d1b1ec4f89083f467fe5659c8a5557eb5b557f5681cd50079146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ce28f8f4-cd0c-46f5-a256-ec2975204d19.tmp

Filesize
71KB

MD5
ac15e4ea126f4887135e095d39523743

SHA1
780ee69f4d71c61e62e94ed978b8b4e33019eeba

SHA256
c8617fff4ea49d021760ea0d21abad73e2ace63c415b2f4dfeb3b4a07b651b32

SHA512
05d782d3b3e8a2b2cac82e067c792187aa44f69c7117b0add398942db0e11cddb137df1a3113d1b1ec4f89083f467fe5659c8a5557eb5b557f5681cd50079146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B36.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D13.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit