hxxps://au-secured-assistance[.]info/au

Analysis

max time kernel
81s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://au-secured-assistance.info/au

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415416051236588"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4524	4656	chrome.exe	86
PID 4656 wrote to memory of 4524	4656	chrome.exe	86
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 2304	4656	chrome.exe	89
PID 4656 wrote to memory of 4180	4656	chrome.exe	90
PID 4656 wrote to memory of 4180	4656	chrome.exe	90
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91
PID 4656 wrote to memory of 4504	4656	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://au-secured-assistance.info/au
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd685c9758,0x7ffd685c9768,0x7ffd685c9778
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:2
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3792 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3504 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4568 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3956 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5204 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2360 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4808 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3476 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4056 --field-trial-handle=1908,i,6715061513603069560,6496605875999381614,131072 /prefetch:1
  2⤵
  PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd685c9758,0x7ffd685c9768,0x7ffd685c9778
  2⤵
  PID:4488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c7a33b9876cab748a5a981036219c054

SHA1
60bfb76b9f629ede1406ca333b4c237343f2084e

SHA256
960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184

SHA512
cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c7a33b9876cab748a5a981036219c054

SHA1
60bfb76b9f629ede1406ca333b4c237343f2084e

SHA256
960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184

SHA512
cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c7a33b9876cab748a5a981036219c054

SHA1
60bfb76b9f629ede1406ca333b4c237343f2084e

SHA256
960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184

SHA512
cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a015d2f0763a5ff96cc0fe026df4ff1d

SHA1
5c371c0d2734967d98c2fae9cbebac5a6d21fec0

SHA256
e7402107d06210c6f62b9282c15fc592e0bb26c7e62de02c529dfb3b0a8f713d

SHA512
35d1cad85a83dc607135defada8de77f9224af184f5dd132dda4e10e8e3d979d905528616cd4b9a03fadc81ec1c3ac34aefa30e19f443e58f55879ba441bb87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9e588c87eea00894e4aa6a221f6f9558

SHA1
1570b40b60c08d3460884bbf9ba6a2a87cd5658b

SHA256
d3bf43ca97f0bfe43936eab7c5a2bdda3c46f7c74e4cb1157726a4b3dd353b84

SHA512
67cae25e160ee1829d9f1853d5866a96a7d0a1fefd03b4a849db3d03e52c34408bbe7d19d27b14628cb9949c717e4cd7f1b579eed2f3c94ae6fe25124f0af7ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
14fe1846b3241cf77005ec48eac0d745

SHA1
af636c3999dd301fd23b5fc1c8da178dd4f56008

SHA256
dc44b4ab91ff752db26c623460aecb1b71ab2d468b09ff96d8d978fb230c6d32

SHA512
7bcfb3adeaf88986cf35b5bae19549d0c6e6a9af46c546a5afb6dafc47324e2d7b855afb95b30f25458e906c816daab5092fdd1147c1cb29f49f140326601d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a14af7df18a064cb8cfb54ad977e5ed2

SHA1
6e29a6e6ddd1d2b82f96653b378144003ad836d3

SHA256
46a4c12fba520fea7f7359fc84be26f1f6e7a9b7f1f334a983ef6ef045311b55

SHA512
cbf76861c00abad91955bffaf85a4bbe7225fc5b6fd24910df1147905491b0be7101d48767a4e209414b06223c4f27f9ee725f3a07728db2c5d4d2d0d4577e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f0105313c995b1acbbc03e768b0cdbc5

SHA1
6cd617b02e961379453e56f6d57c2f8b85cfd971

SHA256
e6c6bbfab64f237786c9a13b3642c8176e77030dddc6a814ec999a03f28104b3

SHA512
b9c2a4e67efce1626e005dd842346266e08ff07e490ddf7ca90e30c987b07c14adc2df580bd7c5ae8d80ebcbbf278b02a63b650076d1f7b8b11f9869fd4ad95f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
04c11252ae42e855f55bfaeebb2f1ea7

SHA1
5c835bf093b38c634aeb1c899edb954c0f6b2328

SHA256
6fc16fac1885c44b43aee5a05315462f93ef6cbcabdd64c149fe4a6234e86142

SHA512
396b5fb2ab0f5b89074b99d750f50ad6b2642aa03ff395bed3d118dfd05159d70cafc8c2187d84654af5151e787b46e18b3ae1e638669fdeab3c56a3f2e7e0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9b5d113a5d4ba48bed1daaaf31015910

SHA1
6d645dfa47dda910b7e2f9c9824ac5ba0aa957d6

SHA256
b98b18e52362076b47df45a90c7663ab8dbac2b824d204524cf23b41fc00ea9b

SHA512
746e92c32f3483e6b776a1b77dae0226bf90aa6b89e1e0f561d4b4ec8a0ff541c44bdec43bb95b52c505b6ea9786d8c8507c136fc730d7a144c90fc11f41224f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit