Analysis Overview
SHA256
feee6ebd9d43e4bfc06c2470dd0efa91b79e98224bb8af5b3f648632b192cfd9
Threat Level: Shows suspicious behavior
Verdict for chinhphu_v1.apk: shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Every signature in this list other than the first was raised with chrome.exe as the acting process in the Windows runs (behavioral2, behavioral3, behavioral11, behavioral12), where the sandbox launched Chrome on the HTML files index.html and mask1.html from the Temp directory; none of them is attributed to a process belonging to the sample. The sample-specific observations on this page are the permission set in static1 (read, receive and send SMS, place calls without the dialer, read phone state) and the native library the app writes under a dot-prefixed directory in its private storage in behavioral1.
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-24 17:44
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
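The permission list above is more telling as a set than line by line: the SMS trio plus CALL_PHONE and READ_PHONE_STATE is the capability profile of SMS-stealing and toll-fraud apps. The following triage script is an added example, not part of the sandbox report or the sample. It consumes the text that `aapt dump badging <apk>` prints and infers capabilities from permission combinations; the input below is constructed from the eight permissions in static1, not captured from a real aapt run, and the rule weights are this example's own choice.

```python
"""Capability triage over the permissions an APK declares (added example)."""
import re

# Constructed sample in aapt badging format: the permissions from static1.
SAMPLE_BADGING = """\
uses-permission: name='android.permission.POST_NOTIFICATIONS'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CALL_PHONE'
"""

PERM_RE = re.compile(r"uses-permission(?:-sdk-23)?: name='([^']+)'")
P = "android.permission."

# (permissions that must all be present, capability the combination grants,
#  weight for the overall score). Weights are an assumption of this example.
CAPABILITY_RULES = [
    ({P + "RECEIVE_SMS", P + "READ_SMS"},
     "intercept incoming SMS, including one-time passcodes", 3),
    ({P + "SEND_SMS"},
     "send SMS without user interaction", 2),
    ({P + "RECEIVE_SMS", P + "SEND_SMS"},
     "two-way SMS channel (receive a command, send data back)", 2),
    ({P + "CALL_PHONE", P + "READ_PHONE_STATE"},
     "place calls without the dialer and read subscriber/network state", 2),
    ({P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
     "read and modify shared storage", 1),
]


def parse_badging_permissions(text: str) -> set[str]:
    """Return the set of permission names found in an aapt badging dump."""
    return set(PERM_RE.findall(text))


def assess(perms: set[str]) -> list[tuple[str, int]]:
    """Return (capability, weight) for every rule whose permissions are all present."""
    return [(cap, w) for needed, cap, w in CAPABILITY_RULES if needed <= perms]


def risk_score(perms: set[str]) -> int:
    """Sum of the weights of all satisfied rules."""
    return sum(w for _, w in assess(perms))


if __name__ == "__main__":
    perms = parse_badging_permissions(SAMPLE_BADGING)
    for cap, w in assess(perms):
        print(f"[{w}] {cap}")
    print("score:", risk_score(perms))
```

Run against the static1 set, all five rules fire and the score is 10; a typical utility app declaring INTERNET alone scores 0. The point of the combination rules is that RECEIVE_SMS by itself is common in legitimate apps, whereas RECEIVE_SMS together with SEND_SMS and no visible SMS feature is not.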
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:45
Platform
android-x86-arm-20230621-en
Max time kernel
4001546s
Max time network
6s
Command Line
Signatures
Processes
com.ac.apck
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| NL | 142.251.36.10:443 | infinitedata-pa.googleapis.com | tcp |
Files
/data/user/0/com.ac.apck/files/.ss/l762f62c5.so
| MD5 | de5c3c44479b9f15e5c794a559e3428f |
| SHA1 | 5f6f2cf2ea720cd2675bb68a5833dc900a41073b |
| SHA256 | 692b663707a69153bc5d03480e6fa3c89ea740e5e37faa405c27961a651f369c |
| SHA512 | 9ee59263af740c429d72c0b88f43cdc80e11e012c14fdcd8e2f009fe10819a2972fc334770b748ae5189bc0f357a620d6d243088ed7f3dc632f3866284c88454 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
win7-20230621-en
Max time kernel
19s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7049758,0x7fef7049768,0x7fef7049778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1432 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
\??\pipe\crashpad_864_GFMAVFCYODXSGFRR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d749e5c3d3c07f0f1c93408ef849a736 |
| SHA1 | c46342d09560d3750aad1cf027e71c5d77f6707b |
| SHA256 | c5a972b971868d59d75f1aa07bbff69b395fa0c9996773d2a054f522a7fa579d |
| SHA512 | c3bf49a2a046bcaf2e2c1f7702bebb4541920afdd9b52f3b79147b75ffbac2178eddda71489d286eaa5d4796169efb6f934f1917b23c211fd03cb6af5affb118 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ffcb328f9f6d7031ad6cd5b361caaa5c |
| SHA1 | 2f4ea070f0b9c42dc92d1f9bde2cd0d190d283c3 |
| SHA256 | 782daccb01a0b9745ffe30cbcc05b6c85388bec69d62f3042dc330e7200f4850 |
| SHA512 | e30a9fce590e02c51ead93c6f566f438794dcf0c0085571b1d220c17040301d35f0d4286119af09b64deb3b102acd2c1459163f4886a41b410f8d78bc85e3ed7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4edf446bf931828708e92a0bf37ad4de |
| SHA1 | 0a7728d7d5563b9cc099e62930f1521a0a8fe7fb |
| SHA256 | 8cfafb5d9c91803ecd21efeb3649b70fe61f860a78b5eeaecc02a04712d88e71 |
| SHA512 | 199479cbc5e73545857dbd2861c294d77492ded88004edd7f6658445167f6c3d3812f1a02a82001aded28f79ae846894bf8bd9076e8f8a8a3ca509ea48bf3d3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2e0f2d004a296a9325d0e09e51921fdb |
| SHA1 | a7535dca619b511b9bac74fad4af2705e14d4a63 |
| SHA256 | 2b9be7606587ef200f4477a4f8c9a5a96b615d12b072257627014e0382292ea3 |
| SHA512 | 628ce962f857365faa9754b13c52abd5c035a23376d55b1c658cea51de459bbd8c2788b4d486f903dacdce333ad41a8b11f656a404a460e4b6f2d6b98c48a0ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e5271050ba9e4d7ea3f256353beb07f9 |
| SHA1 | ad875889ead75352f2eca14bad1e5144554a4a27 |
| SHA256 | 8f8900219194a0e9329263ba9c068a6cb0e071e3b298c4ad6794b6b93612cd46 |
| SHA512 | abb2acfb31ec1ee1d29cfeaff33d0d5e190bac273ffd188ecb5f489205527b9fe326eb0a39b6f27724045cb1a66e6110ddd75d501c0c1eca207d2096f0a18ffb |
Analysis: behavioral4
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
debian9-armhf-20221111-en
Max time kernel
2s
Max time network
127s
Command Line
Signatures
Processes
/tmp/l762f62c5_a32.so
[/tmp/l762f62c5_a32.so]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:45
Platform
debian9-mipsel-en-20211208
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l762f62c5_a64.so
[/tmp/l762f62c5_a64.so]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
ubuntu1804-amd64-20230621-en
Max time kernel
3s
Max time network
101s
Command Line
Signatures
Processes
/tmp/l762f62c5_x64.so
[/tmp/l762f62c5_x64.so]
Network
Files
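The Linux runs on this page execute the extracted l762f62c5_*.so files on several guests, and not always a matching one: the _a64 build is detonated on ubuntu amd64, armhf, mipsbe and mipsel guests in behavioral5 to behavioral8. A guest that cannot load the file yields an empty run that is easy to misread as "no behavior". The script below is an added example, not part of the report, that reads the ELF identification fields (EI_CLASS, EI_DATA, e_type, e_machine, all within the first 20 bytes) and maps them to a guest family. The guest family names are this example's assumption, chosen to match the platform suffixes used on this page, and the headers are constructed stand-ins with only those fields filled in, not bytes from the real libraries.

```python
"""Classify native libraries by ELF header before choosing a detonation guest (added example)."""
import struct

ELF_MAGIC = b"\x7fELF"
EM_NAMES = {0x03: "x86", 0x08: "mips", 0x28: "arm", 0x3E: "x86_64", 0xB7: "aarch64"}
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}

# (machine, bits, endianness) -> guest family that can load the file.
# Family names are an assumption of this example (they follow the suffixes
# of the platform names used in the report).
GUEST_FOR = {
    ("arm", 32, "little"): "armhf",
    ("aarch64", 64, "little"): "arm64",
    ("x86", 32, "little"): "i386",
    ("x86_64", 64, "little"): "amd64",
    ("mips", 32, "big"): "mipsbe",
    ("mips", 32, "little"): "mipsel",
}


def is_elf(data: bytes) -> bool:
    return data[:4] == ELF_MAGIC


def elf_arch(data: bytes) -> dict:
    """Parse EI_CLASS, EI_DATA, e_type and e_machine from an ELF header."""
    if len(data) < 20 or not is_elf(data):
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    # e_type and e_machine are two 16-bit fields at offset 16, in the
    # byte order EI_DATA announces.
    fmt = ("<" if ei_data == 1 else ">") + "HH"
    e_type, e_machine = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": ET_NAMES.get(e_type, hex(e_type)),
        "machine": EM_NAMES.get(e_machine, hex(e_machine)),
    }


def guest_for(info: dict) -> str:
    """Pick the guest family for a parsed header, or report that none fits."""
    return GUEST_FOR.get((info["machine"], info["bits"], info["endian"]), "no matching guest")


def make_header(ei_class: int, ei_data: int, e_machine: int, e_type: int = 3) -> bytes:
    """Build a constructed 64-byte ELF header carrying only the fields read above."""
    fmt = ("<" if ei_data == 1 else ">") + "HH"
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    return ident + struct.pack(fmt, e_type, e_machine) + b"\x00" * 44


# Constructed stand-ins named after the files in the report, plus a MIPS one.
SAMPLES = {
    "l762f62c5_a32.so": make_header(1, 1, 0x28),
    "l762f62c5_a64.so": make_header(2, 1, 0xB7),
    "l762f62c5_x86.so": make_header(1, 1, 0x03),
    "l762f62c5_x64.so": make_header(2, 1, 0x3E),
    "constructed_mipsbe.so": make_header(1, 2, 0x08),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        info = elf_arch(data)
        print(f"{name}: {info['machine']} {info['bits']}-bit {info['endian']} "
              f"{info['type']} -> guest: {guest_for(info)}")
```

On the real files, read the first 64 bytes with `open(path, "rb").read(64)` and pass them to `elf_arch`. A 32-bit x86 library will also load on an amd64 guest with 32-bit multilib installed, which is presumably why the x86 build in behavioral10 ran on ubuntu amd64; an aarch64 library has no such fallback on any of the guests listed on this page.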
Analysis: behavioral12
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
win10v2004-20230621-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133321023309073981" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\mask1.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb484e9758,0x7ffb484e9768,0x7ffb484e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 34.146.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.121.24.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.104.205.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.103.197.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 52.182.143.211:443 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 8.8.8.8:53 | 62.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.3.248.8.in-addr.arpa | udp |
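Most rows in the Windows network tables are produced by the analysis environment rather than the sample: mDNS to 224.0.0.251:5353, PTR lookups the guest issues for addresses it has already contacted (the *.in-addr.arpa names), and Chrome's crash-reporting endpoint, which the crashpad-handler command line names explicitly (clients2.google.com). The script below is an added example, not part of the report, that parses rows in the table format used on this page, repairs rows whose empty Domain cell shifted the protocol one column to the left, and buckets each row so that only unexplained destinations remain for review. The rows are constructed from the behavioral12 table; the list of crash-reporting hosts is an assumption you would extend for your own lab.

```python
"""Separate sandbox noise from sample-attributable network rows (added example)."""
import ipaddress
from collections import defaultdict
from typing import Optional

PROTOS = {"tcp", "udp"}
REVERSE_DNS_SUFFIXES = (".in-addr.arpa", ".ip6.arpa")
CRASH_REPORT_HOSTS = {"clients2.google.com"}   # assumption: extend for your lab

# Constructed sample rows in the report's table format, including one row
# with the protocol shifted into the Domain column and one three-cell row.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 34.146.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 52.182.143.211:443 | tcp | |
| US | 209.197.3.8:80 | tcp |
"""


def parse_row(line: str) -> Optional[dict]:
    """Parse one '| Country | Destination | Domain | Proto |' row; None for the header."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    cells += [""] * (4 - len(cells))
    country, dest, c3, c4 = cells[:4]
    if ":" not in dest:                 # header row or malformed destination
        return None
    if c3 in PROTOS and not c4:         # empty Domain cell: proto slid left
        domain, proto = "", c3
    else:
        domain, proto = c3, c4
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def classify(row: dict) -> str:
    """Label a row as a known kind of environment noise, or 'review'."""
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "noise:multicast"
    if row["domain"].endswith(REVERSE_DNS_SUFFIXES):
        return "noise:reverse-dns"
    if row["domain"] in CRASH_REPORT_HOSTS:
        return "noise:crash-reporting"
    return "review"


def triage(table: str) -> dict[str, list[str]]:
    """Bucket every row; 'review' holds what is left once the noise is removed."""
    buckets: dict[str, list[str]] = defaultdict(list)
    for line in table.splitlines():
        if not line.strip().startswith("|"):
            continue
        row = parse_row(line)
        if row is None:
            continue
        label = f"{row['ip']}:{row['port']}/{row['proto']}"
        if row["domain"]:
            label += f" ({row['domain']})"
        buckets[classify(row)].append(label)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, rows in sorted(triage(SAMPLE_ROWS).items()):
        print(bucket)
        for r in rows:
            print("   ", r)
```

For the behavioral12 table this leaves two unresolved destinations (52.182.143.211:443 and 209.197.3.8:80) in the review bucket; the report gives no domain for either, so they are the rows to check against passive DNS or a packet capture rather than the ones to dismiss. The same filter applied to behavioral1 keeps the infinitedata-pa.googleapis.com lookup, since it matches none of the noise rules.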
Files
\??\pipe\crashpad_1988_PUCNGLXVLTSRAPBB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c903eeaead297a3b2044b29056226e39 |
| SHA1 | 5e3d39759edb2041df9edd2f0d12c827c8ab3f89 |
| SHA256 | a8231acb41bcfea2d2318a69951270b20a8748e5aa050b1c1c38f4d07874dc6c |
| SHA512 | fa461a33d7017e3c5529bd8a88a16ddfc933160690ffb86702e187cf6e7bc336868c9bb7008c17793c52572ed066364f5cde3f4f2acab320f679a37f411958d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb67c9d22bcd2ed5eea89aa1d0bfd53f |
| SHA1 | 332079d73cff3304454fd38c797e2a95834f2d86 |
| SHA256 | e4d64c46afd77172b3341a9dc3fdca15a309ffc1d66d9b0708b7e09dfa523222 |
| SHA512 | 60baf0d82c129fc4ade29a2cfc34b0db1726ca1f5971809b06c3712535407fc88b32b2403250f0ffa7f3ba102bb497ca9699c094c24985bb356d94881ec3ed1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | c52f862015625f561219c0c586f38c70 |
| SHA1 | e82c84cd51d421cd28f67a0d3a2cd6d25eeb06a2 |
| SHA256 | 33a7250fa05f5289db5f92d8977c94e0e98d58806c529214f7456a7c885b6592 |
| SHA512 | a5a4913cfffb77eb4a438bb4f71c69681382786c6c10d0452e4812892ad1a1c64f6fcdf8c7436379f6819989857e25fda2a16619fbb5b514fe2e8fd8f12d707d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 05d02544df096401dee0d31d6052c593 |
| SHA1 | 447efd7b8b8981de51c8e201462cc62d38b8441d |
| SHA256 | 450cb6311098168da082b389e2f36a6c231306ea1eba929a1922544e19a693d8 |
| SHA512 | 37e7c77ee530793fe9761ee0e7ac87f8b5f57420381b47b09d474e8963c15936b01c8a991a340bc14b0c1541439c95aab8e5ef187b91e8e50bda80eb9e6043e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b98b9e6f41caedca82640e89ec43fb6d |
| SHA1 | 4f2850acd7edbc90343b0cdf6938b02fe535e5af |
| SHA256 | e2d32aea2fcb984611759eafc24234291fd42c3ac744be75e6623fcea20562c5 |
| SHA512 | 8c171c6d1b62433b90e8dae16438e93e84040ed9343915f57ee15fcc04e4c22bb2a241fb7177054ccea277dbb7f31993d25c0f12eef81d008088a2364dcab430 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
win10v2004-20230621-en
Max time kernel
150s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133321023313646911" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\index.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bbc89758,0x7ff8bbc89768,0x7ff8bbc89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=748 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 222.79.74.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| US | 20.189.173.6:443 | | tcp |
| US | 192.229.221.95:80 | | tcp |
| US | 192.229.221.95:80 | | tcp |
| GB | 96.16.110.41:443 | | tcp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| NL | 178.79.208.1:80 | | tcp |
Files
\??\pipe\crashpad_1628_FBFIFBGOZDQPCMIE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3246ff0bd3450a5376dc0c5744015b5f |
| SHA1 | b432d2eb7080aac6b546b0a1569ae205c2aacb5f |
| SHA256 | 335b46df66342f80ea54e5d1dd7a4a099c9062984e157e8b56b4c6356c67df1d |
| SHA512 | efd2bb18a552097b79cdeb4cfc687a57ef67d941585be4217db1c503ab0af990304c4dbc0987cee6591f2fa7aaf3a63abe65fec1037df6a13c6572ccb29d8ea8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe4b929f6a518dcd3d12c63f05ac7563 |
| SHA1 | 34d3368d1da4fc91a812e00e2fe55288b20c15fc |
| SHA256 | 78d941816f61b601cd8e57657fb0f7c599c1a9acc4bd25e0ff389ff0b69ad9ab |
| SHA512 | a4a77d7e6ad8b11e50a435154a7a145a63af38f4fb0f002c65667e72e7477f0e7a972ccce3c05676bd6cebb9ccde7f2c96890c664ec6cb1d0067b3652bba46dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 2c79f41feec7e455eff2d73ae1b95f36 |
| SHA1 | a0ac7061e9dfbc972d6a601e5f6350b5f89ae5c8 |
| SHA256 | 6476801ad80651a1b77bd902eff361ec47126d56bb592823fb9b7a83b9769c15 |
| SHA512 | e1f9fdd95016c018e25e2d9bf8335e1561960007d411e0dc87acc605538f8ce9e7d6758553b1ae1844f7c76749c907cba848d41560ba839b05d6460e2c151421 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76c74e4aa422e4a2409e48e5d555bd20 |
| SHA1 | d84a2dcdbb8088cb16b40810f53abaa61038872c |
| SHA256 | 4ad6631ee1d7312531670a19400778d8d9f8dec0154e3c989d8975a19300b8b0 |
| SHA512 | 497f82cf67053a40f88fe6fc4355c77414103eb46373039f5d9fb84862a8951b89536b05ba6ccad1602d0573a1182e150c73716b35b23d8e9a2e43a97fd2e391 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 065fe99da0b915bc4cc7fe68f1d9aeb7 |
| SHA1 | cefa45a7cb87a1db131e6abea490349d4e7622b2 |
| SHA256 | 7894fcbc776adf9253791f3bc0d6c4416285c4d80f1afcd3ad1f6a2913ab35d2 |
| SHA512 | 203da21df0b41948e00243a755d63283cceac4f16ac889cd0bb4e41de3db3cd5faf943a0e8b1f9961aca6b7ebc559a693ee67247368dcbd942323b9713835440 |
Analysis: behavioral5
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:45
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l762f62c5_a64.so
[/tmp/l762f62c5_a64.so]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:45
Platform
debian9-armhf-20221125-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/l762f62c5_a64.so
[/tmp/l762f62c5_a64.so]
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:45
Platform
debian9-mipsbe-20221111-en
Max time kernel
2s
Command Line
Signatures
Processes
/tmp/l762f62c5_a64.so
[/tmp/l762f62c5_a64.so]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
ubuntu1804-amd64-20230621-en
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/l762f62c5_x86.so
[/tmp/l762f62c5_x86.so]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2023-06-24 17:44
Reported
2023-06-24 17:47
Platform
win7-20230621-en
Max time kernel
55s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\mask1.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7179758,0x7fef7179768,0x7fef7179778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1440 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1168 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3748 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1400,i,7371489435290150247,1079088274097404599,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
\??\pipe\crashpad_1600_KZAQAOQNNUKMDWZX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 452f88535dc8a55d13a8a2e2d7fb5b72 |
| SHA1 | b7e7e0706dfc59e385f651471189b1e5dca95f19 |
| SHA256 | 7d6271cb0eb80636bc16d520e2c1b432b34c80059d0b9b0af02079c7f566bc75 |
| SHA512 | 8a7aa9bba4890b8deaa57ff95c7726d8f2725cf1c109900faf5e489533b7ef0b8dbc2937c3e5e3a01fa9bd7663111929d10136e172dad8477f228d1b1de6d039 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f775042bfe0f0dceb80520a50473e738 |
| SHA1 | bcfc48ffae48bcf2bc8d9e0376dab7ef3c0f4a5e |
| SHA256 | b090a6adfe0f6634addd3be720266848aa63255fa1a03a0bc882fd517b2c61b4 |
| SHA512 | c453db65ff88e5592092044c309b3fedb881d2444c45f65ff6ae64faa8c2ecf92be7bc13e7a825da5eb18b31f8399988bacdfb2e46dac8ac1944233c20397d46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 084c543aebfcf137f4aefa1b3d6fbe50 |
| SHA1 | 06295a416ea1f705a3ee2b1809b9c8e8c9e26c91 |
| SHA256 | 46b075e64a083ed6bda49eeb9e0c6fa2d7f2d91b760dd683ae4d5ef4142830ce |
| SHA512 | 1cf15ea62f82436087a7b1511833a1dc3c5ca355645bca837101c5862f96d95b93d806d94498cf28daf698dbfb91a5eee2f42cdd5a42772224d75bf42ad3a4fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6aaf6f31229c2e74252b482b9b49f03c |
| SHA1 | b26cad5121adfe17f5dabdc266888e5417072c6c |
| SHA256 | 61dea9e71b50418a559c7f9424ffb38037a9ecd50f4bdc03daeb2789239c3fa4 |
| SHA512 | 7c4b36e061da553bbd01401d68a378343cb93eccfda97487dd283414bc6c676622f8eb7944eb5514b79f20b207af9a2f12468940b654625097c7aa79bbd0c3e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7677b83d60096e3faf14c736d4d6e80b |
| SHA1 | faafa9c150883073e2338294ed3d293ac31dbe09 |
| SHA256 | 8210a225d20417991e196cdf0caa19d49cfcdcdfb1303644484a97b9a628bb75 |
| SHA512 | 9d8175b13590bb94e9fa2a9847963486235e516e3fb7e2b1f482466dedbcf8066af6a8101142648054ca524a743fc7422d5062d92c1a85f3e64db6e718e8b1e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bcec7eb9-aaae-4ca0-8779-1e2dac748793.tmp
| MD5 | 057fa1b52c4856f46237d21f3d11d3ec |
| SHA1 | 6a220c8cc0fc64fc72db5fdbd42f70a49d42700a |
| SHA256 | 732e99b1b2d39f287fbe3eda47f8c25f20b75a1a1f1906a5ce7be2cc68d7fc2e |
| SHA512 | 9b62db0ee537059a34ae4c383693b82ca09e642f5006548fa1fdb3e49eca39db4f921e602f5df568c18c53ec86443ed78e64272b75609771c9f135b30d6b4b09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6dd089.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 12e5defbed5bc8ee9a59d2f5b49595a4 |
| SHA1 | b1e4375413d50388fb619e1b56fd7f436b73be88 |
| SHA256 | a516244840c2b7696dc6a7a7ccad2e51a58cb3efb4b1f061ff39937972468a72 |
| SHA512 | 18c4623bf2e89b9eb38f4079b1545bec5a2f149b463c12b3d52ce20ac8cdb296d126508fcdcd59ebf6475a842a74f7c0b353605855d14c6d9ec1e966726a144f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fb7dc0aa-9696-4043-a63c-0cd3cdc4dfd2.tmp
| MD5 | 6302298e8274bc2fae77e8c4500206f5 |
| SHA1 | 7007891768b75ef2af0b9b18a9de6d7a2ca660ac |
| SHA256 | 1379e95c10e6bfd65b14356bd6d5d3f7e7b152fa193578896fe29853559408b2 |
| SHA512 | 3b680a2daf4733b73cebc2a95227e443085a510c295b87d21b99f2f8c04c8b3f0e732efcb9caa71b2598fe80ab51e87fe599bece2ad9daf3fe4662ee84eebda8 |