53285fb142e48bd1a568509c8997067370ac4578b3c92d8c3bc75ecdebc2915f

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Akira.exe
Size

5.1MB
MD5

47feab24e4a7a088fcac9a7067cbf318
SHA1

bbe0dcbe7eb3d0fa19b4afb5edff51b7066ec45d
SHA256

53285fb142e48bd1a568509c8997067370ac4578b3c92d8c3bc75ecdebc2915f
SHA512

6b3b0e289d06839cfd32327dfa1795368601a789c3dc2a0db9f0cce01001a28a584d5c26ce4e46e9002626a1f3ba318e038578e86f00cff489956aace8b419aa
SSDEEP

98304:KxNeg5VPsVXSfJHbM+A+PoudLZ1uRhkuoxa4kReiX2+jli:TgTZhHbFddNZ1kroxacUbBi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2064-0-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-1-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-2-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-3-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-4-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-5-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-6-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-7-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-8-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida
behavioral1/memory/2064-9-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp	themida

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3744	2064	WerFault.exe	83

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373597527741412"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4644	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
972	chrome.exe
972	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4644	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
4644	vlc.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4644	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 4412	2064	Akira.exe	85
PID 2064 wrote to memory of 4412	2064	Akira.exe	85
PID 4412 wrote to memory of 3088	4412	cmd.exe	86
PID 4412 wrote to memory of 3088	4412	cmd.exe	86
PID 4412 wrote to memory of 532	4412	cmd.exe	87
PID 4412 wrote to memory of 532	4412	cmd.exe	87
PID 4412 wrote to memory of 3888	4412	cmd.exe	88
PID 4412 wrote to memory of 3888	4412	cmd.exe	88
PID 972 wrote to memory of 4496	972	chrome.exe	103
PID 972 wrote to memory of 4496	972	chrome.exe	103
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3476	972	chrome.exe	104
PID 972 wrote to memory of 3652	972	chrome.exe	105
PID 972 wrote to memory of 3652	972	chrome.exe	105
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106
PID 972 wrote to memory of 4208	972	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\Akira.exe
"C:\Users\Admin\AppData\Local\Temp\Akira.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Akira.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Akira.exe" MD5
    3⤵
    PID:3088
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:532
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3888
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2064 -s 1376
  2⤵
  - Program crash
  PID:3744

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 2064 -ip 2064
1⤵
PID:2440

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnblockDisconnect.mpe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff985389758,0x7ff985389768,0x7ff985389778
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4764 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5308 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3520 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3488 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5524 --field-trial-handle=1872,i,12497440725929608836,13913502855483042398,131072 /prefetch:1
  2⤵
  PID:5048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
49b7ea629c6c02f6e6ef63cdd33a8b0c

SHA1
778b43e785fb946ebf7f0af02731d992d7ff8977

SHA256
951b24e649d5c8d3311e5b1d2290b2ee33ea075b9d691b6d8b13ca613c83026e

SHA512
9ff73637b225afc348da5dfcf2810f3f315bd4170a6c7351605083fcc7e201e350ea8ab6fb11bc616cb5cbeec8498bbe0f19247a4c32d0345db7651f90ed2ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d8820bafd6831f6cae31d060ed414558

SHA1
fd0ad1dae63fa33d8b9f294e6349d70b3fe4e46b

SHA256
f01697ffa7cb33676d79fd52375b3c7e477ed0682c154be021057421309919ad

SHA512
42ff9e87e193291ac79964913ac1458c56b046fa2bbcdc2377e1b5da876adfbb1bba48bd6d01da89ba759d722e043f9572ec23b26b0bc17d1156e56ad5b09533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1584b3b1a21024aa1ef94ce30623bf94

SHA1
4f4f62ee098bce692eddad8ea848b1c1c0cac0cc

SHA256
5ceec6f01e9beb6a8dc2110c18094a80a8c13238681a6199d2de29251cd55663

SHA512
fd3709b186af910923f4784d8417b81425dbdfceb8e1a3452e896ac3961d5e1861178dced5abf6fb02b7d7f769b4b2a19fc42abbc83971babb8bd0b15a27c87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c4bfce75b0c06df6110a1c5c42699e70

SHA1
1e8cbd3eb4d5ff3cda1924d1b97abbbb2fdbfe71

SHA256
0981d08c0dbc39d50d1faf76588b3f949c33c18ed5fb8f2fb446988e4bb7b254

SHA512
3ac887bc64bdfc663904b48f5efba07486afce3afaf39a293fdf4068577153f469e628fc8965b698e65c387f016a711daab43f995f8adce18a4b1770ea99dde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2fd173aa554d47fbb74b952f84e68140

SHA1
8cd4666f0c30602c51adfc1bb8aae50575ba0bb7

SHA256
938f5a461643e4469c3daaac7df9146fac1649b8afca4399a100bba26f103a2f

SHA512
e10ad1af75fa4fe553496f5f9196aaf4b1b8c795cc6940a0a9ec2e07dc1ce6341341c616981daaf905dd3d573178cdd9c1525122446db6ab12eccdc8b9955b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca2ad2bd6f2b8143ca730166d65beab5

SHA1
b8a33485edb6ccadd13b0965d3b33b8b9a43f81c

SHA256
1c41874bb418341a4f431f8f29691a39735419de00e5bf7b64006e4e0a45e1d5

SHA512
fbe9a02c685533a87b99d1923b0d2a3ef6857ed627def7a720124a22f066304d142a2e2f581211727d63e8c61fa71acd252ccead790b0a77b60de4e75c022cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c03e7ba2dcd481546baa54048a77c96

SHA1
18f3ff446c30fa73e69db274b63149b6c7ee8b34

SHA256
00c99b2b3e9d7511441db5bb84ba994bbaa892010dd11197b073a1f82d2d5a5b

SHA512
4c85d0ebaf6f1d6ee987ddb0a8ec87469d537430f966fe98d3e2ef4d3ea9933cae6c0a461ea6680d2fda7f8b4f5ad7282c4ef91fd0c53f53691ad78e19a558fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58500f.TMP

Filesize
120B

MD5
46fad5d33d1f4d76add046c03bc731fb

SHA1
f38eeaf8d0f6f39d24316c31c716f14b9bd807c3

SHA256
0d5b96baa15d520181a482f66887e7759f6c757d1055fd32d0711d403328c7ea

SHA512
f8b79094a5e646361b0c68e26513a2765dea75037a22b273945f3b75a129f352ccca1c417a59b2da7bd466d68366dfd19412a550dae675a07817cd8cbfc1a20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
178KB

MD5
5c4acb618fad4fe84c0907273bd52135

SHA1
2f0e881d4cdfdd37e376de465affaff689432526

SHA256
3cf237520235babe9c189e8ef7398a434cb23952c1347d18b261ac12eb9ca17d

SHA512
a842c386e86b4a9f6a567de12fc9930eec5a0f5bd53218dbaa4f290fea6234cd764ebd4cb021b9658c32ab494adb0dbb34752a2a49ff6f77901e05a84fe102e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
178KB

MD5
11f30054fa180181d08481d3f187a40f

SHA1
0c32e4bc7f27d4c0628c3bc5496897a3b9915553

SHA256
54fa52cd3e4ec08cb37ebfd0156057323d0e1cd9e7bcdbf3bce9cf2d71ab6ed8

SHA512
59ac342baf02c757427795b640fee372f102b3c63824bf7197a1ab47fc5abcd57f77255f2d83218fde2f13b3718a9378b0ea740aa782207f4361c982983cbea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2064-7-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-5-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-1-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-2-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-3-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-4-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-9-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-8-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-0-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/2064-6-0x00007FF6C2E50000-0x00007FF6C39F5000-memory.dmp

Filesize
11.6MB

Download
memory/4644-27-0x00007FF9829C0000-0x00007FF982AD2000-memory.dmp

Filesize
1.1MB

Download
memory/4644-23-0x00007FF6F9CD0000-0x00007FF6F9DC8000-memory.dmp

Filesize
992KB

Download
memory/4644-24-0x00007FF986AA0000-0x00007FF986AD4000-memory.dmp

Filesize
208KB

Download
memory/4644-25-0x00007FF9850F0000-0x00007FF9853A4000-memory.dmp

Filesize
2.7MB

Download
memory/4644-26-0x00007FF983590000-0x00007FF98463B000-memory.dmp

Filesize
16.7MB

Download