1a91e60510b8c6a5e113b9c089e3020fe71a13b7513392a09f84d3588dbf9c38

Resubmissions

04/09/2023, 12:25

230904-plkygsge52 3

04/09/2023, 12:22

230904-pjyrkage47 3

Analysis

max time kernel
28s
max time network
149s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/09/2023, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GeometryDash.exe
Size

6.5MB
MD5

8c73a34f740b59ee613c6128ad11c2c1
SHA1

66788bf78d32238a6a89110afe9ee663ca55f715
SHA256

1a91e60510b8c6a5e113b9c089e3020fe71a13b7513392a09f84d3588dbf9c38
SHA512

fa7b7426ef6d850cf658739c72f3be77bb545e1d228f09816cd3088d90b42958dede51b4381fdb93f6cabb5a59e74bbc82008e063ed3d4af29a5fd1f91c34b62
SSDEEP

49152:pxIv8Yz3qRzSpXyDOZF2LRr9BR3Qa2d1ww6xfS+w6xfSExIlvYqb3xCTjzDyW:k0FJSpyDU2LRTRNVxfS+VxfSgI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2200	2996	chrome.exe	29
PID 2996 wrote to memory of 2200	2996	chrome.exe	29
PID 2996 wrote to memory of 2200	2996	chrome.exe	29
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2844	2996	chrome.exe	31
PID 2996 wrote to memory of 2540	2996	chrome.exe	32
PID 2996 wrote to memory of 2540	2996	chrome.exe	32
PID 2996 wrote to memory of 2540	2996	chrome.exe	32
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33
PID 2996 wrote to memory of 860	2996	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe
"C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe"
1⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5bc9758,0x7fef5bc9768,0x7fef5bc9778
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1652 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1372 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1352 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3736 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3592 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1064 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2388 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3836 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3832 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1156 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4536 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4500 --field-trial-handle=1388,i,3177866771665819331,17303515621660639730,131072 /prefetch:1
  2⤵
  PID:2692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a3f01e7c32b408d9fb2f2b3eee72df5

SHA1
e55d50a8fb8e3ca9cbe8360036ef592fb0a225ee

SHA256
de279d5122e9824c8d30dde11a84518e7d959ddcd9614f379f2f720d61567368

SHA512
eda1ed3e1b8f29922d90190592538192c7a148a8dc8e7ad44e0a3448733524ccd11342a193db5d64db5cdfaca6b19b9ecbec9ab51e81984e22347c8c22100b7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aef1bcfcb4fa0215f55064bd5d4848d

SHA1
2c45d8f1eec60dc54fdbdd86a434e5a53154ee4e

SHA256
4382e92367360595282e66ed88c1cdd3470ab631fc51ee0b604289bf0253c0b6

SHA512
be8739d6ffb1b6bbfe6f1c93d2958bca0a7ff5d4d3e7395d07eb1fed3ae18e7858df9acc4235a85278ad6c05c7e8d6dc6c080975d621f60c1e36dd629912bf69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68ffa38856c2a476c7302baca8a0b133

SHA1
d42fc6e46c79a46c6d29bcb59c7c8a14805b98f8

SHA256
cda681d4eee7a75c017a4917be35970e1c45e891e99716220f97960f60bb0791

SHA512
6ba742db47470e2b735d61dab91b4a3320eb8f49d82cc4c0923cba81638b6e2419497c7b80980c7c5e57853481bad7566af865c5dcf0d7fc91ff879bcb7bcc27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
451343ad79fb0bbc81382d5485203712

SHA1
403a267a4556e50d129911870a5c75114a687342

SHA256
6560f1abac6e423c75d4dab42b876a2f2afcbb19f0a67d75c241f92f65354dbb

SHA512
f6f45902b1adfe25af33ed3e9ac8686b6067e7e76905cd97f6087c5aae20b7d6215c97847107bf2b1626bc476e7893efe7cdbffe1d9a23c1dd683d9308c3001a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
71KB

MD5
e6b53809b61103227b18cebb14fc4b78

SHA1
1da12ed84d56b0b1a6abf19274c70f3a9c55ed37

SHA256
e0706ddda79ebbc36ca014c0ce5eed8502b39ae030a36fddc12386ede6063e60

SHA512
1efb84b5913e51fd394fa2e317839e6a76f7333302ddbe97592ece61621b5e9603aeaab0866a7c7f550c9868bf059e01074126ba3926ee973239e005f46347b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
40KB

MD5
d574939016c1b0511053c934958d9a25

SHA1
1ebb35cd6af10fce71dcd4778c9bbcd9822ef999

SHA256
ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66

SHA512
48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
0150e7f93ffac33273f98c18cf8e8c95

SHA1
57fd3eab100ff6e276b303dc954065db715335b1

SHA256
bdfb04fbf5292eadef691a5dc895d2c336d2598df92f701b1bdb01ed522061ee

SHA512
dd8a575996368da5c9e48eec023172554d24d79818f7d213410ea15d657128509a511325145790eb84ee4bcf1e6f25a25b7ccd2fe6fc41edb7fdac3465b23364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6a24d0c3d323f7be5825c9d9125be962

SHA1
2c958036084f306638566a4711c9a50000d10587

SHA256
7d60bb8b5259eb9c415bca94935ec71f4481d43971818c98e840f421ce91b4c6

SHA512
eb60c70ae9524792b7afc96d4f9c28f458e30fc4bd878c09e659b5674ac53395d58915aaed07e8f9236c08b4c19d27fdd9dff48b550c5357c0b13f06f8147a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
e250982027132dbd2f342472bf3e4b50

SHA1
f7c5f7372778234afa5323c0d529cbda2fb968d0

SHA256
b317a87ee7806c53198646fff8a5d1f79522e67e0fba35548a9bb465a2a46b8c

SHA512
8d4954a5f9731ad1f919107b478bdb44aa049bc6db88d28161dd99533531b66096bd864f5c98e480d32700980b89bceb6b3931f0a16ddd54b0fb8b14f3474c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
050c44ee6b33206f7171b0616b4cb7d7

SHA1
19abbd6a4b8f56c96687c71efd4b459c1b83e5e7

SHA256
a19d5220601b10ec1fa9cf8301c8a9df6a2b73c8d91d4e6d1eb75518d59d44bc

SHA512
38f4e118eb6f5988f070700127e7588dfffdcbaed9ce6ec83ad8a01e457874ec64f076242c244e0c752dd67b863c26af48b631df1760b5745856f5fa6245bd26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e012dcb996fc3fdf5b6617311974242

SHA1
7ab56d55fd1a8cb64b43d67d825c4625ec2934cf

SHA256
3852565a32cd5a3b6db3c3df44137a2b6eecc44a9259fdae626b01ce93d56f78

SHA512
15a89771d124f6256e47a04ab7ebfe4c74b33145fd838e369dceafd1914d8f048d14272dd3484e50353b9bdaabc26ac1579b4a8bbcb7aa420f0ef19b98731bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
cabb0a35ee1f9cd55ecd988aa48d02d0

SHA1
80d931b1ac0ff6e40792f8355df93b82a5066650

SHA256
ad3065cd13bbcbccd11b4c512d8c35cbaf953301f2d23782079635370511e973

SHA512
dc009f6cb670d05e597474c5b84214fa4c736cf09b418503d1875f80d6ef5d2beec7515b70da1af217c0e765c04101165476a7da99e0209de258b246b2201ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1006B

MD5
2c0bf20c87ea1cbb5a408d3ed490517f

SHA1
a831e28dccfe6b70e7807cfc0babd28a0ad72f1e

SHA256
51c41974a1636c26a2664b8fed40cbcead412db751dd6424d135cb27252763bd

SHA512
0c60abd2136036d6dbba8eaaa2103d55abd7b00529b765ddb4d7e8dbe9c7a2024e4e0319e51764daa4dcc598a8e0d86fc76812211fa3cde19b5c19019ac85c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ecb005837148c9af0ad2923594aad86f

SHA1
330253f276aa73c56b9bdaf1528117dff8a6745f

SHA256
60d23eb6db9716c380a6d8f31e8223e608c54aad052b6861dd3e2acd5d8ab244

SHA512
15bd2b5a0a8986edbcc3f60250389306786f8c0180f7568cb210b36d0cdafd5cd9d31ecb3c14580710dc0a0adc8fecd236fb3474eb7eee59b1dd900e2a670523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e6f5bf859e8ba406231d790b398de9ba

SHA1
922e31122ab1588379212e6ea8119a069d652c1f

SHA256
1ce310e57610e68de41f64edff12a47c37e5a7bfd5be4f56ef35f188590b4853

SHA512
c825e8d2348c2a4417788ed33e13db7d8bc27fdacd80513748c66d9f91e004632295c6e7637ffa4fae5c489f11b7d5951b5ed6355ab7d7ea1675f80bf1d061e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddfe0e69c9f0d6b67ee2d569cb874cec

SHA1
904543090c3ebe76a5990ef9a3dd52b5136bb861

SHA256
cc5b532fade2c8cd0abefbd1136c42eca72586985abbc85c4d2212535641ad85

SHA512
24634a5449b9e11ed42cd60e7a576b2de5a4938e313fbc26412a9cd4e9738bfbc1536bd9a62dfd469eafac75b71d1713690c1cc126d5941f0dc6b4150aa2aadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d3dfe7a9a4f1081f00956e1ab63f8dde

SHA1
6bdb809ca341f569fedc46f255562ed1d95df294

SHA256
65a0dd1b8084a0d9ffaf24e01fade7dcddbe04803b237b73149b8d80f89fb85e

SHA512
882713e8dbfb24cb3924acf728e3049aaffc77fe3ed0455e1cc4c2b55208af1b5f452fb844324cd672832d39d42a30b288bdc70b728fed565a3c4eec338351de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2e1d4931f05facd260510a4117734987

SHA1
e38fe2e11b2db4807e8e1e24a979712bde73c6d0

SHA256
59f1cf691cf7cba97dded5b03e41d1134b27fc51b9d508bbe77b4c1006458a8f

SHA512
014750452206c6b34bbedd0d1808d02f01f255b5b7618446991ea4672b3edf09eb3294b64601b90132207049d13c7b3f2affb51936e98651c207c20ce9bcb582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8b5db4352bf73c06a1e8bed4a6f5e545

SHA1
2c0fa60d2575c9a10a85437d1aaa2b98fcd3d9b2

SHA256
31e0341db20aba795e2100666b720ceceeafe79782b257ca50aa7becb2ed77ba

SHA512
351e6ba477bf88f9e49ff4398e2467aff7f6af1d17781090a2d2a9c06e0a2e164879d691f99a95a2bcf8aed2d561e1413d18f030fb83592aa1d3d748aa6f221b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
192KB

MD5
762b3241d18a50efe0be40675f1a0fce

SHA1
b06a3246e5fe683725b1f8d42135b1a084319463

SHA256
8841771829a35e0fd4c5edaeb9ea28dbcce1fdd517b96b292ef769c5eb7ce4ec

SHA512
05a5fdc525f18c168134957919acde53585c0f8a236b22206d81b0de2cf4e8d2a024da034576eb4e5e6133a8e9ca94cce8bc7325787726a05108a5070c8664e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
192KB

MD5
83d82017cb886dd5f1fe161e86eeb88e

SHA1
3d747a1908ff7345af1fd7fa9aca4ac80c6f5924

SHA256
06ace4e914ecd5d8a88d758a2a850f9b03a547e443ba25d0a93f7d0531f1c3d3

SHA512
59dbb8337e1075aa5444babcb54d8e6b01b619ba4c00190cbb9b4098ea43cdf1060f09a00892b1a7f50ed6d2a2d05f6c258ef08560d64510a47237634b863f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
5357f01569c4efe67eb65d4be361bfde

SHA1
0026f9c0dd35f7ecc9511ee1ce8ecb3eb2db02de

SHA256
9940f3a96115b4fc151be385a68c7a7d7c9c413765690a0a922cd5c9f36e68b6

SHA512
da0f57805f850cbc17e91192b83e441fbaf6f0de3a008c1ae369efa7892413380b4cbe69235be86af779c85e3ec81a5dea8e4cffac90bdda0a13f999f9d818c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
25dd072583deeb9d6540fd40f6a2c3d8

SHA1
4696601153c68ba15754675f677d3357b57ec6e5

SHA256
338322a790a8df416b6b85f60d86e8102b5b824ad4202e66ba8de0ba33604de1

SHA512
c10a134b3546c815f7be8d300e44b59065576fd5f4a876030b54c758925f5d521d149e85ab0be762098d0ac2d25546a91c071b8f8f3f862556de9eb742c9ea64

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBD68.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD158.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit