d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae

max time kernel
476s
max time network
1449s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
12-07-2023 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 278138.exe
Size

1.6MB
MD5

085c248832ef03881059faec18eae7ff
SHA1

8477892aadc283f5d000b2c36e4c44c370f59727
SHA256

d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae
SHA512

80d3327168c4597554f441cf29360d9ae982bd36afa7e6409c6e2b779eddc7a522f2bdcd190a82517fb445bf7714377f30a79c2cedea168f19139d82cc94c43f
SSDEEP

24576:u4nXubIQGyxbPV0db26ifZbRQKiFDhbGh3+shiy/wxwWIFgi5LPxf0XE:uqe3f60oKil5QhiyPbFT9eE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Unconfirmed 278138.tmp

pid process

2096 Unconfirmed 278138.tmp
Loads dropped DLL 1 IoCs

Processes:

Unconfirmed 278138.exe

pid process

3036 Unconfirmed 278138.exe

pid	process
2096	Unconfirmed 278138.tmp

pid	process
3036	Unconfirmed 278138.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

2816 chrome.exe
2816 chrome.exe
2816 chrome.exe
2816 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Unconfirmed 278138.tmp

pid process

2096 Unconfirmed 278138.tmp

pid	process
2096	Unconfirmed 278138.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Unconfirmed 278138.exechrome.exe

description	pid	process	target process
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 3036 wrote to memory of 2096	3036	Unconfirmed 278138.exe	Unconfirmed 278138.tmp
PID 2816 wrote to memory of 276	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 276	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 276	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2716	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2080	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2080	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2080	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe
PID 2816 wrote to memory of 2924	2816	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 278138.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 278138.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\is-4Q7ML.tmp\Unconfirmed 278138.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4Q7ML.tmp\Unconfirmed 278138.tmp" /SL5="$A0022,810935,780288,C:\Users\Admin\AppData\Local\Temp\Unconfirmed 278138.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaca9758,0x7fefaca9768,0x7fefaca9778
2⤵
PID:276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:2
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:8
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:8
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3328 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:2
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1388 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:8
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=572 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:8
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4180 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3676 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2540 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2224 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2556 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4328 --field-trial-handle=1380,i,2038986245337152820,4245896975727027028,131072 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2476

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
68958c8593a8b224ed06fe66c0f4f954

SHA1
b079725144164159ff4b87136180fc60749c3205

SHA256
122bbc92401ed19e4721b43ed90c90c5b1386757d6c3776e3e0624b84c0d0945

SHA512
5eab128a4848a9df24cf67c777e3efcd86ea5a505c888a60aabf00797b5d4e3b59f60cb8c71671ddd23a8ea51638a260a3759746d3fc1dc3e73da67c6c8161f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fb077c4f8ff2d2040157ce1018a8fa26

SHA1
69cf3a9006e5edc32555893427268915e3116533

SHA256
dbd6f0507233a82c50e104075a49bb73d5f2cf47b4212402e194903b22e92af9

SHA512
41b8f7eac4b43b6be39b2442eeeb77364c0b9a17ba18721384bb9228548636226b7c71b0bf465151f0cef541fb0eeb9fdb88d3a584906b6e909f1d1eb667f2b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
266e28a30da4999ba9e6a07610d87434

SHA1
50f0e44bc1bfe16969608d4e941fd9e17f77ba15

SHA256
c655c535680c040b5bb6163430ce6706e0fdd3dfd6a8a15a7111571aec486e38

SHA512
765e4d9f1e932c5bfb45929061488db06297e2f34729521fe23352d163b00fa99d4c55e2492aedb0773be65ada55e1770e031cc09d0c68a7228e88bb48021272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b3386ae4efc856066480c4aee0a84dc0

SHA1
143469eeefa7a281ebbb72f055a65e369bd03d45

SHA256
e4779e3b6618ea7da57f88ea364e04111b573760205595791cada5499ff3f560

SHA512
232172910bce2308b9e1480551046908a8d08e1545c6e4b0bbebbbc30dbe77709a2bde95a803734f2be18ae30b20279dd1b01e99811f32b090c84517adae4794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
00dccbab3c0a1740c45a950f7e8c5d0a

SHA1
eb3ae12dfc95fb9755ae0753a4be7d92e608a89c

SHA256
61f13b277136016c1b489062ce0a0b8f07aadb1e6fe6cc19ef55d87e4e916c29

SHA512
2f1763768f6c6820969649726970c070ac6a1f2ee142e7b21b9b82d559946c9c45f834fd9b52606d623f7c8062da23a6c4dac8d1134d9759973442b5015cb45e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70221f4d-ba37-420e-8c05-b19e44e03c40.tmp
Filesize
4KB

MD5
c04448b3cbae2721dfa66eb289034a73

SHA1
62efed279d3b0da3f7231cdc3248be3895a95473

SHA256
a81e1fa7a6cfb25cfb5748bda5844c651f0de64d900d09a1b3768f2c4ff4671d

SHA512
a15ccdbe813a998867a04cad5ba2518360a36cef278a818eab503f58cf38ab8dcd4c9a00d008551e561ecc9a13227db79191dc34eacc2e9021f821f334f73293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF705e09.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\984d8550-a536-49d3-aa12-49bff338bc6b.tmp
Filesize
5KB

MD5
436a1f63443085c0ff5c38480fe15f86

SHA1
8b395614986714eda0a21d93414d45710071a14c

SHA256
021e179b5bece39edbf2594520afbdfaaa6fdc1c9a5f9247718d81ffe13b2416

SHA512
b9c3bd248a7373be516ab0fad8e26066245fe190c2bbbf040b4afa49bbe10e4be9f833f82de146a6edab962800db1f471126066ef63ace73e6ff5f017d3b274b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
7d4e83f5cbc52ad4112715a1a9da802f

SHA1
d5250a12ef551df578f5fc209e001f5c43bf879b

SHA256
e91260491e7491c89d66fef662d9df676c0257c10867032edf3bfb33e0dd39d7

SHA512
3165bff256c6e25ca30d37a8d893e3a36eea50d7e685979bbef08783f68c888073be96097fc7b9650ed54109c1ab5d99b48bd72e3bda87cfd7b4e1fa1cfaa47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
46f1677ea47519327ff07f50891e5d50

SHA1
f3e8d2788ca7c174bb74e9efbfa19ad745ecbf46

SHA256
f03679d2939c6296b759f229376b62fd29eca7b1ab8c48dd77c7cd6a2f8126e1

SHA512
9d0919a965c861fd4ab6a4fd4e7ce4086c3eb5e1194e8f6ed1050fc642cb6105d3f58df4c1210e9448becdc09ae481c40679b517f2cbee8a9e1a09f1f1bdff39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
2af3fd84432073e4d8e52472e3c9ecaa

SHA1
d88c10199958d6e45e3e2f0eccbf1b8655045ade

SHA256
b7d30abbffa8f3f81a842306a06e9b61f104f6cd1d022feeb6b6c0f12ced5695

SHA512
c47325cf65456d5677171a28eac049f78aa1092e343541d365ff24af9e4ae0bc9acb06bebbe7a41df024db47626831e1c35a1396330b903b24488b8e9d135617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
2f1a132e9c0f8c6170f016b7ed97d954

SHA1
2ac3758ad40bad9b764e49989f9fed7e82aa1e8c

SHA256
9f2ccdf51a60f5e9cb82a8c33e34d3e1451e6c26f5aa46dfffba5581b254ff5b

SHA512
2918f43fe4789b69d1796b1b304ad6ca9d12fdd2fc654dabd7e2edf6e5b956a9e00ebc75e698e6a1734cd99bc9d81f82c8eb2522f7dcba7b71ef758d1d57443d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
0aedc61fbc28ceed4cf19298ab9c9b22

SHA1
c9539244d4515085483b303bc7c150f5a0d85393

SHA256
b46e3f07dbb821db5e63d64d42b91652e53350a9d3ffdeb981617ba9da038760

SHA512
582d3b03695aa7562569915dfd163ead68c58a899ae650f16a225b2d81ff0ed336369d01ec97f1006843af2c7c00e2d88dbfaaff3b02b205b814c7d156db292a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
e2a0c2e3c326580a4a94731e58cf229d

SHA1
31eb104bf3a97117dfe9bd4769bc543a48829fcb

SHA256
e31b8fcebb3ee627d9316bb0d72d5d5b2b4bbe15ec17ede0255b1fcb8d9d467c

SHA512
ce43efe3eb268176cb2dfa3d7944cec9fef900dbd688ab813f691d6723daf79946810399158ae05f4cef74c07fe2efb226c8e72f956afe9291840759f0fbb5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
7a362b3da0c03460685447e8941504d5

SHA1
cc393790911237910153aa69facee9c231a89309

SHA256
78839028274bdac206de1163c6daf15ae657d2237f83c0598a833c04c22ce68f

SHA512
b21a094ebe07c2192afa4502cb7d0eaff0715877b2a440bc10e73cf33809ed703d617bd8c601d8decd67744ded1be000707f2648dee7b76762f99557e52aa60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
12bacf99966f23758ce4fe8b667ece82

SHA1
9a906de0f757dab1516747cad3d40d1162d5fcb3

SHA256
a9427f072597d853c819730b5c0e8683762d3c43eae15824079c629bd0dbb7e4

SHA512
a16a5469e316acadfd549f3555c53d11fe916e42482ae3a5c136c311ad61baf4e430775cb25fa1dc7cf24969edc2e0712a08209e3ab12be8662ece566975be87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
fab94db27301672543a2b090bbd4ad20

SHA1
4c759269557e70f9bd4235669f5faaf2a0bdeee5

SHA256
628afeff93ff7563566f5616bb0e00415a3fd698ac294fec37bd6ec542c74a55

SHA512
f2ad52f8645d00baca25fe715d656034393734c96c06fb261d959fc82ec3a0afee79877237c883cd1833f8260826c9645ccf2b37f804765a6252c72182db6f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
61c19a1efd466d64689aa8a1ade6818f

SHA1
2cf592be2227dab8d0e52a3d822740760c8a7247

SHA256
c1100b8ff55a0145646829361dbe81ffee99a6486c78cea81517b2365212c60a

SHA512
82a83891838a7bf8c8dce706fe878d632ae8a0586f87e5436a2a505583a89878c7d985cf52e9b8209cc57a98d6ff326e4f293e3d79660b330bbb98c6271ce33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
3886f55c5ee13b0133b6e07b437a7c4a

SHA1
639dff026fed17ae21a8dabfb5fc1edcef71d341

SHA256
ddefc72a76834ad1aa58fdb58b3f0dbc5ad1f350fa7d99a015064e72ea0a4bee

SHA512
96b20e72a3febd503a371a03619765308325857ab123543ac03a7d106a6fac4ab86d3e5cd391bec9aa2eac942070fc74d37fa851893bb93979c39fd327283cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9254.tmp
Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar937F.tmp
Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4Q7ML.tmp\Unconfirmed 278138.tmp
Filesize
3.0MB

MD5
7e06750376491b308c2a6e35eca13b1b

SHA1
36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

SHA256
628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

SHA512
a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

Download Submit
\??\pipe\crashpad_2816_NCAOXOVLEQLUADVH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\is-4Q7ML.tmp\Unconfirmed 278138.tmp
Filesize
3.0MB

MD5
7e06750376491b308c2a6e35eca13b1b

SHA1
36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

SHA256
628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

SHA512
a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

Download Submit
memory/2096-650-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/2096-65-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2096-64-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/2096-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3036-54-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3036-63-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download