hxxp://2Pr7wM[.]wexl[.]cc/34546de4235m342356?affsub2=rS4twav69&st=8/2/2023%2012[:]41[:]55%20AM

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 23:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://2Pr7wM.wexl.cc/34546de4235m342356?affsub2=rS4twav69&st=8/2/2023%2012:41:55%20AM

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354941818209768"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{7540450B-B658-4579-9EC7-4AB128DA4E4A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 2264	856	chrome.exe	56
PID 856 wrote to memory of 2264	856	chrome.exe	56
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 4524	856	chrome.exe	86
PID 856 wrote to memory of 3260	856	chrome.exe	87
PID 856 wrote to memory of 3260	856	chrome.exe	87
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88
PID 856 wrote to memory of 1612	856	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://2Pr7wM.wexl.cc/34546de4235m342356?affsub2=rS4twav69&st=8/2/2023%2012:41:55%20AM
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8d7a9758,0x7ffd8d7a9768,0x7ffd8d7a9778
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4696 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5368 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5552 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5744 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5956 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5076 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5112 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=968 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5916 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3208 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2552 --field-trial-handle=1704,i,5952215346109524276,6986054649083219137,131072 /prefetch:1
  2⤵
  PID:4812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
27KB

MD5
01992aee524dd3cf15bb8e4cbedd2e85

SHA1
077de8e9cb378f6bd9efad123f3844c129d7b153

SHA256
768b51a889da594a0c5f445557c93f1c9500897e51cba54c7462f6b4e2c77065

SHA512
0817e917a32938ff40b24c1a003b69f012afaab14ee518ccc636488d48691e6856a4c84a3e72209df50295dd01a0da62b98f167b254cf838955d2223919ade93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
126KB

MD5
54623ae7487e2b8805b6feede17b3be9

SHA1
4c06ce461c5edd31371e01d0b91eaba96e006bd9

SHA256
912c4506e78f343e7c62568ca187b34e537d09b7d965820258e223296c77aeab

SHA512
6c893d781c91ef4b3004644780b08dda40383e8e4a99df1aecbd57f4846ceab10f499ac1137886ec4413609c9995353a4813977f1eeb527bea86b48e2f80761c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
56KB

MD5
19f562e4a40daaa27240d269f0b6a86d

SHA1
fe2c61eb42a1f41bb33d05486faa9ee996d0353e

SHA256
9e4b7914802931db8616aac9c32c6e5e84d7c356d5c98e00baadb8e42902f15e

SHA512
04a2cabfe61f8d469806476123288ebe19875ee10f586abf05f6cd1525d228012daf2156eaf43df257b234c6afd930c8ebb43621e29850ccf6642f910d6bd3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
29KB

MD5
159a59d6f5c3dbb19bf4dd6cb708085b

SHA1
6fbdd8107224ee322f44bda28f1d58449620f2b6

SHA256
7a5265df3bbbc750ab52df7b3a4a39faff507f85f09327d3d568b32547f521e3

SHA512
6c7aadbae3ed6bedb0bf93c70f530b5cf5afb4f0eb195e60ca782e3703ea60c223e5ef7644a02e69d564cd6202eae996a4b8e0ba9408b4b5318deb2aaad57610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
32KB

MD5
38914967f89e32475e02334d4a596bd5

SHA1
44df1c936aa4a9331487d26a38c7db9c9a4bc83f

SHA256
f02112bbc4432941e0a2d5aaccc303450c6cc922513c2febb78d2086b7af60ea

SHA512
ac0d878cae36a4a2e52a8c4f9d849a03278b7af306cc494b22506f1296b8a049a3dee20091b34b8335bc8949725389a8d3021e574b70bef325a9e1aa74868838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ba89c0be2adb1e6_0

Filesize
303B

MD5
8e360e272d92b17769796f273fc0c4bb

SHA1
5a91508851bc01aa6abfdd97301b627a2701cc2f

SHA256
34c7c4a9271f39f510cceac161de4c288dc4f1a59fa0c33b6b53868899f8913f

SHA512
519c02eddb02571967973ffdbf3f802d7b1a04ac576610a376dd79c86c535c714e0ba60369dd220a3bdf930adaae761789bd06fbd07ccabaae3763f43d48accb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1810394de23dc16d_0

Filesize
304B

MD5
edde34b995ab630aa7f543f203c58f6a

SHA1
70d222078600f60bc413f1309767873a466b8955

SHA256
c9da6623c71cda2a9ada5884b170e411a6be0b0fb686d56f742f3b760152a011

SHA512
97c9dc2d73caced1d930046bfe45c0d86708a759d6b786044938d4507e9a85b3bca097cb4cdfce85a05b9f9c620aff15cde1c7c4a6e8b77f5aa1d00e4d97c688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b5ab4bda8debf6a_0

Filesize
252B

MD5
e299def1e14225dc1f917bbaa393c582

SHA1
b013daec3a9a244cb8670b913743dc80ec4629d9

SHA256
badd0a1767c068d2bb4e061aa4d09b30443525bbfcfa4a0c3ff2bb32622c72e5

SHA512
34b6fc236450701e1bb3149df437f272a61ef984fc121a75f8a63f87278232c046c22f8ddcd42d0b4b1af20c9e07aebfae28183cd9db9fd8283bdfca295c79b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\410fc43e68ce2e5c_0

Filesize
38KB

MD5
cac884076a4653a2bdbcb06db43bf150

SHA1
4a2952a8ab7d79cef0941db36d8817f10c4c0458

SHA256
9ca30f17cf6964640552941ad6089ad9cc109b10f7eeec95ab9fb123dfc151a0

SHA512
6576fd6353444899bcfe43e9921613fbe6f70d8c2f850e41b9c10ea0496b82ca41ee965d17953d0538375e3f491a9f76060c1768a994d9041efb0a28ad307caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5ab61e01af9fd9ef_0

Filesize
537KB

MD5
55e9ebb3d145f8e6f9604b6e26fbcfcc

SHA1
64a10276a93f9d8ef38c1b2a6cad8a43b507e867

SHA256
cb2f91ad366eb97d624906b072acfe0a82e094eb7547701b4a2ccf61a52d90ee

SHA512
e332c387c3eaf71d76d68960ee6211059b51e7f3b0a145a2ac829144e82371f9085c7f4f90112f2de189ff9e69315e007353fa729ae82d8093925d334f9b6d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c557df0a69e0ac5_0

Filesize
299B

MD5
43136cb4eb0dad0072615c7a7619ce29

SHA1
00e1162fe06f5cd6f951d95689b2955c0cfdf544

SHA256
dd9d4554be31692df20c2d48d73ad930e77ba1aff59efb556a429666765f7a4f

SHA512
e7e503b9871371835b822f0d14c94abfe5a8d379f018216b1ecdc829be9d6d18f8fb040eb5a74ace0e7c834f75e8049946f2f493aa347d260a8ec03f1aee1f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\61a5214f312206e5_0

Filesize
112KB

MD5
c8be40e2473d6788d73fa11473a6e736

SHA1
8759d786797be47b93d366b03a263a38ec030cca

SHA256
f79b31a735587e51ce4155df56698b6c46d5857053cca6e368381e5ac5369eb5

SHA512
6a239e1577acc8a8a3627807b83916cd310d2ac0b55a8090c996ed498df622479ffaf4dcaf4c4ee864a5a69d697ec718e71e00f4cce02bec1af5538203b9a46d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\63daa3ba2edef6db_0

Filesize
255B

MD5
37c28982e3edaec694c44dca370b797b

SHA1
f04c3890b9834730064f27c378d2c04d5159b249

SHA256
2a295db1685681eeeabdf9a02f6272a33cba173b6edefa87160279263ec24be2

SHA512
105c4c551fbcf95dce5fb85ed009c85568feb61cf5dc157e8572d0d8408fcaa2a58f7bfe8fbe0c8ea07248a0c706df6792fb8435420147ae43b9e6da027951f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6f54f808f4d447ba_0

Filesize
316B

MD5
afdc6fbd14a7e68a55c07df49012b233

SHA1
a0032a4597a6dbb090d9c56de4dcd0db50f6fad1

SHA256
9e1c8cc6fd5365e2195f2000fb244a8c367d51332e6fe3c46a8e33e9df1a630d

SHA512
c40ef8e40da77c951c47af92b1da092138d7761416619cf0b42b18e6a39c94f6d49b56f5840af74f0c8501762f565ae56dd673347a83381bc9b1d5bf31be3ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb520091e089057a_0

Filesize
27KB

MD5
76f0e846412f86c13c663d91b4be1dfd

SHA1
e414b95964e79289f2f6ee8de0bb8842dce76152

SHA256
1f830d2ff68c53c9f2b8b4a5d34a792c1e16982a25b3fcd3a1b44b3e654e8152

SHA512
3c83ca9fae6ef8755a4f722f9a9bad498825013902fc056f696696da3aad7274fe88b247e05ac26ef0194da54cca7518e7cbb93ebaf5ad1922d6d8a3f76caaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f042f9fd40614054_0

Filesize
27KB

MD5
85219182de2e9cf1d7b144e97d940b73

SHA1
b03394ea6a73cb4d83f2b50d36d6cc5e2f60cd41

SHA256
cdecd0b14f788c1ce20f5d108f79eb05a3d8146c3dc862fa72f0e10a853f0028

SHA512
0d347270f0925532102648db7d9206c55d14108d4a233b1e445449ea4d79f71e1bc9ddf5f75c00d9f9a9a67bdb8a7b022c71c3e2967416d7157d22a09c8f1695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f68ad5c44e96216b_0

Filesize
3KB

MD5
436c3dbbc048db06441cbb7557e3bcc3

SHA1
e9d0c1b87fa93fd6377c463bca48260921ebd522

SHA256
5e4966ca0d1f31f6113925d99e776eb55fb381e18c6b19f2d230fb41f073bdef

SHA512
8125083eb070c1af70deb280676ca37f43d1a70ddb29ec4d913ea69dd03062cc3f5a1dac813887e7b0378015bed356555c2b3e167f851a282e5773c1102cdaa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff2caabed10b8657_0

Filesize
330KB

MD5
15fde87d91ea221e41212a2f7d1c4183

SHA1
dbb7f69be84f3d5bf30119f1787c4d1c223966d4

SHA256
1557635e382be6d620fa2aa94ec52d79378e9a9e1381451a9050a8bbfa41757d

SHA512
510bbb2ff9f6c37f4597c36c1bc825c5297a2e5f68b79d5acd46ee53c9b4e869aaebd41d6bb6282de03fdef6af3f9617ce2a07d217dee9bfd1706cc77c1910c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b2fac9cbd3490c7f3ed795ffb12af46c

SHA1
3bb74ed65fa40fcb91768852dcd54d9797dfdf56

SHA256
b96126a9d13a7bdc9132fa7efcc215eee0e3df3040f3dc342e00ca48d3d73ad6

SHA512
7aa9ce8af88935ce74e324ecd029b19898e57b2b24798724a6e4bc9bf209d44f9288c17651135af0e8401ef9e124e7315d6aed4f97930869e5aea884b013615f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
30c8049dd3af282e1ea5643ab6d6804c

SHA1
55b0762621fabf263a5fd81c5ab82adbe0d55c5a

SHA256
3e4165c7753b7806a5a83b152a47c084cf7197fd250ecb785c39fb9c188dedb2

SHA512
02421217e907b5378dcc34e4a8d46453b0446d2d7e30d67d1481616dfaec4e37f3f4d77b82bec7c860ffc0e78022aee5dcafeec18a5aab9bf9ed0aaa250cf79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ea07f450aa38fff8da24e587f0afe6d2

SHA1
bbf0107371ba54379f92b9c06f0695c1975957e3

SHA256
555a47f861b8b72a9af4d52710ef9ee8da46162d898cfd0ca42b28fc1b23fb41

SHA512
c6f0addca9cb1fa84dbf3e19ba11fc7a85651e19901e4df2aeff945817fe9bbf6b5b336956615991a561d61a51de9fc78a2393c13aae8ef8a092dd0c07a68660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2dcb1df2341d5dc88b389f3c3d8b4bee

SHA1
a1c686a5d58c57ab385567c833d63b4a2b13df8f

SHA256
9494f8cf1a7c299c42332a2a3910d9900f530dc35c89ac6e67857a486a2a6531

SHA512
ef30322694aa68ff7e4c5e45ee3b54fee24a4d884ad7877c512f091049e584fecb2c3468502bbe5415a59eb09df4f4f78c6cf4e1dafb8bc1bf2df6fe065023ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ffea10d8d6eea3f5ab9d2d57feb7ead8

SHA1
d48be928d2d505326bbcd784c6ed7b1ed9634211

SHA256
4b5026345519f7001a9cca90654b611f36ae496f59978aa9939732a50cb468d3

SHA512
4fa408bc4deab89b2d385b4192934c9dcdf230cba5847c84bed058ec73dcee972b7eb886abbbfdfe648f6ab45288bf64a07acf90f7b915fb00a680bf62049089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4a1c4c43f82bd08d310d33a41f7b50d8

SHA1
e04886ef81597a975ffb0187b40ff9b63199689e

SHA256
f36ce72202ea62d60976d5573729716f43d54ed38aa07123af8c5d7b512ba4dd

SHA512
1892ffd067acd737b8dbad68a8d9be9f7dc365e8c89b8d388d68725dbfeb72dd2cf4aa5ad9214f3289b9d14b09f0612c923b175a28488ef5b021c3092b07fd20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
84f4af0b32c32d34f1337bf9ab967a35

SHA1
74f8553c5bbb06714c68e4f16a7c25fb1cad168c

SHA256
a5b2293734423eec8401e717f9be6ecb98e257f693cbd8dc512ef91353ee7279

SHA512
4352c6a1679ecf1e17d209bb524dcd2ca033fd3919a6ce0c801fe737e59557e716c10588f5fa37bca5849533b53fead8c3d332a58d4dad0adfbe03f9b21864dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
017759e77753bd004923a578d9909012

SHA1
9a04f40f1e4dd9d38723d14538695892dc6ae38f

SHA256
6fe8cfd8306b9b9ca0bf423f839c10a29276bdbf7b8a080623b17a67a33be2be

SHA512
e04359805b60589b7b3a51b0eddbdf61e9e7aed268cbd911f96ce10277bf85f0edf520e1199a1dc0de362ba116573a38286d7e1cad658de341df7316854448ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
52291143d8a0aad2b86ac5073f0273b0

SHA1
2133586caac2b346fb11d933da78c6dd4eeb0987

SHA256
dbdb9a181db33409b31776028936939f23535137d4904203688120718c74c0a2

SHA512
ec702af15c079d2f9013c0dcfdba04cfbb1cfb34bd81b2913591cedda83d2b14edf36bd24f20db1d477e64172ff40ede8247bd8bbaefb02e692eca5d66267b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ae9f09f8a8f20f86f6b1257993725d4

SHA1
9889ae7aa2025f0c9d66acf13b634e88fcbd24a8

SHA256
92e3bfedd64f27b9b06d7db98a5b03ecca37b485624a04034d9adf9b03f94a06

SHA512
a587f3d857218e69bf26ef3f77000bd101877c77852738851798c779ad63f4dae3046e5984ee28603bb74dc003113df128c026201b7e01e7895a4c562457c680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
27KB

MD5
34a00409144c984f8a83a6903a1ba560

SHA1
e04b1759674391995bb5a1139c058a6ee40e25d3

SHA256
13aa511a0357ed3cd7db4b5cd06787f9d07cf937436d06e39712163ad1627cd5

SHA512
45d56247fa8c035b4c2249b3612c3afcb222282bd63883bb27bd1f447ec4f9e62e92b3f882d7dc1bbb9e50e8b9a5c78da653144d4dfc130189d37fac9570b5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
58KB

MD5
188f6a887e69d4e0284a67e12a5e7cf0

SHA1
f8a6c07b5f6b7c76e05ace7f4e405a19d2ad1e47

SHA256
be91c3c77684a0c0a7d8eefd28170baeb7f0e668d4305a4c19b719d6dc7ebce8

SHA512
ce3ea46c181c6d9cd30cf421b3bd57228f9fbf3c054f7bf44beabafcf4803693ef6e10753127f86eb3e4e939b1490f30671557f4a67908866f9c769dfff4c9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b61b9c4f439437f44e0361d0854dfa68

SHA1
fd762d822f7875fd6d1eace52f99d43943913827

SHA256
4e9ca9052661d3ae024e838a15cb9c336c7525e2a2e8d4c8dd31c5e8a8b37f43

SHA512
f6b261ec8ecd8fb89aa9a6a441bb35b564d772caf81d191de89ac44dea78f4569854496b2d564a6c7b76e52f373011cf2f9a8cf60211efd460aaf87de7a87c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580366.TMP

Filesize
48B

MD5
469a647f3d900d8bdd4c8600fda7b977

SHA1
6c181327c41c4e6059d862131cbdcd2d5e6b0cc9

SHA256
185ae800a7e4a64b98d2f5aba328cb2bd9459a8d60dd2d4b3da5963ece7b40b3

SHA512
efd7132905c1666c6366cb3641fef9aa7553365dfd2f9b28d63f41d96441a6356a94f7ae2af9e5b4a72815703364fd0d0fc5c7dcaf93253122653cc89707e6cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f1fedae8-be73-4a1b-90ce-b7ce6002f570.tmp

Filesize
87KB

MD5
1262c2c7b9eca7bfe49539786fd3b54c

SHA1
0ffcbf54b643486423a1b6574c97d9f58bf5476a

SHA256
d99676e4a9a1068f4e72fe81fa86973e89b33e9f43f7ddc34612db0a11a6cf10

SHA512
4138105f9bf513801b20e62eacd16c2ca52bbdf1c6a076fe00bf6feebf048aaac6afd46f993b63b89e35e2aadaf70bb4725628a2c2c43dbebdaea1b03e36ffc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit