hxxps://zaluton[.]lovali[.]co[.]za/8959395586280827637625?siposelusigamojumagugalekozupasekisakuvinixix=nazojukopulinuvevejabelakewufowupiruziwimanidaredabuzexafezirepigipijefitifimepolebebakijowegewuwukumobolokusawolidedejelosivitubilajutuxubevuwatavamorenusatavimitufebevuwumodorusufusurijejisolufajulomejudefi&keyword=asme+b31+3+pdf+2014+free+download&zakelizageperalodoniwafijusumirowal=timumalatukadinesiwegilafumuwazezilulokutetofaxiraberolemurudokakovevalosuwewisijevoledevugameminepalejavesereruguwoja

Analysis

max time kernel
1200s
max time network
1176s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22-02-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zaluton.lovali.co.za/8959395586280827637625?siposelusigamojumagugalekozupasekisakuvinixix=nazojukopulinuvevejabelakewufowupiruziwimanidaredabuzexafezirepigipijefitifimepolebebakijowegewuwukumobolokusawolidedejelosivitubilajutuxubevuwatavamorenusatavimitufebevuwumodorusufusurijejisolufajulomejudefi&keyword=asme+b31+3+pdf+2014+free+download&zakelizageperalodoniwafijusumirowal=timumalatukadinesiwegilafumuwazezilulokutetofaxiraberolemurudokakovevalosuwewisijevoledevugameminepalejavesereruguwoja

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530982621451447"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
3876	chrome.exe
3876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1576	2320	chrome.exe	25
PID 2320 wrote to memory of 1576	2320	chrome.exe	25
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 4912	2320	chrome.exe	80
PID 2320 wrote to memory of 2660	2320	chrome.exe	81
PID 2320 wrote to memory of 2660	2320	chrome.exe	81
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84
PID 2320 wrote to memory of 2612	2320	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zaluton.lovali.co.za/8959395586280827637625?siposelusigamojumagugalekozupasekisakuvinixix=nazojukopulinuvevejabelakewufowupiruziwimanidaredabuzexafezirepigipijefitifimepolebebakijowegewuwukumobolokusawolidedejelosivitubilajutuxubevuwatavamorenusatavimitufebevuwumodorusufusurijejisolufajulomejudefi&keyword=asme+b31+3+pdf+2014+free+download&zakelizageperalodoniwafijusumirowal=timumalatukadinesiwegilafumuwazezilulokutetofaxiraberolemurudokakovevalosuwewisijevoledevugameminepalejavesereruguwoja
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd60d09758,0x7ffd60d09768,0x7ffd60d09778
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4796 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4932 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4556 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3236 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4880 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=928 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1056 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1632 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5336 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2240 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3188 --field-trial-handle=1800,i,676254847832201681,12524976049204009517,131072 /prefetch:1
  2⤵
  PID:2744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ab02dcee2dd7015c_0

Filesize
42KB

MD5
ac3be9c02232d514c5c142b7d5efa505

SHA1
48a3c8b6211af5b0f625f195f26b1d4906c553c5

SHA256
77c3a3f68fadc92368c4414494b0621adb1b89e77c961d4b6e9cea131a62b2d5

SHA512
3b6657f0ee53f3119fb0828c39f2fa22ba9b5af08ccec6d1cd06c2ec868992cbc5d403aaaa8d23b0f5e0affea93dd4f0d116e258e0f344c63ad19506fc2a2b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e636d6758d5ee4e4_0

Filesize
305B

MD5
d53776f785def93f8fef57ff49d35fdf

SHA1
c9f231c4717843c62fba3cb87772540898944dfe

SHA256
df3b1d6a1d9ba7ff9746a75f3442d20f73e4e4d0e19b260613b2cbd3222d63e8

SHA512
7802d34770fdd03431110b35bc3a20c4e608e65445c597cddb044420bb07b6b9fadedc4c716246477d0b96c9a5aa8132accb504dd1b1362160e8bdfd8973aad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
508a2e8c5eb185679678ad195bae210b

SHA1
f81a06fff4c3ac1dccb73973dca1812e15f3cb9b

SHA256
5c788548676db6118079badbf85bbce0eec112210973293f6dd3427d4423f6e5

SHA512
bd6b891ab76d6cbd5196a329410f25921b5e8c650379bf3811179c166937337a53e91365fc20bb6a1da0b240358fcb98e23b631e7be5c11cb0dd18b78c2a544d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
fb54bdb78190c2accc42a7528b6b75c1

SHA1
208fd4240fb46271b2bc532de17d284e3bf0259f

SHA256
c6199d15e432b21b86315a00c2c30166be176b1734f0fe3541657b399a3f0fe5

SHA512
1b996087edd0741b9230cfda240dc61b44b554f89e7071c2673c87f9ad18a084c0e06428efdbc2f13ca4eb0fc6ede3275af582c7a10380a802ce87e6c9f56f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
cda484e138b5d277c95e32062edceeee

SHA1
b531f21040e1108c81a60e25ed7aa4ec032c0db9

SHA256
a73e775c46cd24208ad31b742a7e6fbe04929ae998220f9d7854c4a7f12eb4e0

SHA512
5285dcb517ef7ee7d1ed067333aac88335d4aef882b3a578148152d00782202a596c93176671072b47b86a01e6bc3e045d22173546a0695abb593ad8b93275aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
68140c7d2c9543f180aedf81f7906c7a

SHA1
6a5e73555bf86e9a983dce70b1ed10c015460f6f

SHA256
9630cbe920f47bf5e691de835c256a5354c7afb5a514f8a75a5c1e8c33bc8446

SHA512
38e77579cfd70b44c83339c1e82baf25da06ad3b5c519ab46df20bef2aa907457218f576d3a0a09927b9e0da6de41c17b11c1289ced4c48c8b6d3e027fd414f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f05bb1babc09eb93670329879f05f4a4

SHA1
0996f057f5cad1d8214fa239632145dd3fe05f64

SHA256
2dc06706c468b47ae21461f7165151aa6818a9dfc4c896eb11b1d527c7e4d28e

SHA512
8a41959ac26b589e4548b536d5afe9d979a2ce72a1cc6240d22496a5e0bb4911244f72b43ac5ab14df89b8abec61a981c25c63af05f7f6fe2530318c694a0405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
86f9b114387ac03259c8d013ed681bee

SHA1
2a263b110a50ad9b4e1d7d8423d0eca14b1948c8

SHA256
50229ea394db8cc17c6fd1564b0a98b5741623fd4fb48fb041ccc43c58115a8f

SHA512
13ab8b9c10e46a273a1b1ec430a6235142674e302130950b99feb4608367ab75b3881fdf7c8df0fa6c78ae8cf5ba6c3ed8c72d8fc7460813b5a82cb4a209f27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
00d1cfe5ab42aea264559915bec31c13

SHA1
17debab4f51e0baca3cc7ae92121cda6f85a4308

SHA256
b667fe237286fa03ae1ba1121dc85838404c4bbb2beeccd8c98f9fd0c8146429

SHA512
1bf0fc1a1a0943e9617276c4747c666dd6b4e4053fb03990c1b272a76840e41821038a30054c380909c0e30ed912af27efd7b97cdfbfb3652b76d7db2870852c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b47781f5006f5802eb3344e9869d0f7c

SHA1
d2d982157afcf0b7c3485bf5a12e85b288586066

SHA256
451211837a8526da3c42c70d7c4bda5eddac36dc4682115708e257de10af300b

SHA512
fe91d8f4dca4be73c894b386121518a30a66ed90f882e0519d6dcde727c529e3632d2a3bec69b56f076d0408b483b1fbb8e40de5653123c4015e9e3b6c2d6dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
167088f3eedaba910868c669e185f420

SHA1
537b2117d1e59ea516106f2182c572b67fc05d51

SHA256
1b1290acd7cce49543e5d341bb1e7f9b4707412377fb3e63ea65d72a85000a8f

SHA512
54feb5e878c239a1ddf48d51158d0e17474a325a06d5105a404a56cafdebfbaee0083674c3272efc69d8e71abb5b6293eb211fecf37e7eefccbd0f99d9660be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8df6cdfe3264e05d40411a0d9afe6111

SHA1
a9d84d25adee5a08e26c1517cdcb2b0bb89ffc2c

SHA256
7a84acb92255ca51a9f75778d4afa4957e8eb3556f89f92ed9d85c38d6a74b08

SHA512
81b96aa9fa2b9c7701a3ee43ab30767b60f37d5f8bb8a8be59e4de446f8641d2f6101d9b059bc6ecda288392dd0b697a51fff268ddfb9b38c74fed9a8bf02d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
400dfc3041b0245b6210f543a801d743

SHA1
8b3ae7984489c88958207a2946aef0bc6f728ecb

SHA256
38b49488a58ffa56cae9ac0b9194e914f84f68a52a680f21f5551cf4c7385dd0

SHA512
c4b65ca33a5c86fc3a81b01080f63ea12225c5d79f723e6962b93a45ee807fb71c0154c239ddd63a33973d4684a55b5f066a9dbcfee593f1674aec46cfa38bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cb19c68d8de7ced97644e762a41af627

SHA1
3237b911eeebd6912550d0b842d83176c100f7f3

SHA256
0763d32b0355e85651a6db2c6ca80b9996d10934fd3ca91a1514fb8a2776dfb0

SHA512
d56817280d22b812322ddec05161229dcb208f3ed89993512814c7918faa70a27bda1e217b2c654fec9f15e71959a742f41e88b0b63384f9b2e5f38f1d0ef605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c51eaf613aa86e735f1a1ae7208854dd

SHA1
291b0073f9f82e2018144d65514bbe2d0541d0e3

SHA256
038d57f9ba28370577da209a9b45e6a1cf4fc1deab3aca7a427016b9bf1ca9a8

SHA512
85fc51d541488384989bc00c1c3aaed86a3b691e38bbceaa741d0008fb5cde7b853a28bf74d14088ad5473023bcdbef2ec8df30354d0583575ee74f30c927a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39c9d4ba501805a86e5e318032423757

SHA1
ca64aded33954e0a6d71fc9fafe95b226e8aa3d7

SHA256
430727759b33e3f178e939ca5f399ff73dafd0ff2c8fd773dc93736565d9da00

SHA512
1327a91ee9c0e5bfc928eea60d6e5c9c2fa318cab1a70e9de22f11c3ffd98d743df21c4cf400d80b99af2e4c8f96c1905f9598f310748ef94ab960a9dfcc99fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
14373254290c3dc76c4ed6529a5783ef

SHA1
3edf7e58a80d0bb3c4c5d615a96c6cbe591a3dba

SHA256
734484a99b89014742c0b1c57d5e9dfb41018deec6f9af76477ef775e2d86c94

SHA512
73be71a21f9d228ff65114e366c9716984b69f48e726dfab6a762c3d025ab41f13f75e3bfe25c561fac4b9ae01388c1157e58f50a45c05629f2ce2aa4b08fcf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ebafa6fe32eba3f1db13c8584ba622c7

SHA1
41ec8310759d74c7b7800603a98c1e345786e7cb

SHA256
5b82fd8f67c0a92551f7276f962ae492f8279e9bb9a5f2ca14feffeccde623f8

SHA512
19b04acf23eaedcd7a14cecdae0a7ff78e2126c3ba3672379260352eef791699a3c92c6b2bacb8b8924db0286ffd423fabf115ecc7c6e8776cdf99b857c9f1cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b60511f1f3c27f5892ff70ec61faf4f2

SHA1
4da3fdc05fdeb4b93a0d9fdc898bb228fe8452f0

SHA256
54a072047d92f93c3756e76c3c0efe81eaa78c34489523b7feafd359620d2a8e

SHA512
19e4ceb5e0df59dd64551963a5d6d05988a899576578b825788e80961bfa6180fa016f8678830aeecd4bd6f36d45aa3d4e9eedeb77cdfef870729bb0aba35a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\be99e570-5d2d-4a9b-b4fe-962184c60c97.tmp

Filesize
1KB

MD5
3de03c2519aaea94b1bc8f8550f6c2c3

SHA1
ce553357342087d8d6507e714c51cfd127c2776b

SHA256
4fc0497dc021a3a9d2a29e97dd61c0d679fd6d9499da3be136159d22e680c027

SHA512
01735489ab8a2c15e88b43a3a5d6e6ee94f32f070d41ae7ebb6177d86ca0b2603154c114b147f21e71254432ee399dc352ae34824d819a3d2f6b0db64fec8100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f979bc29-8067-499b-819e-723b59a692cb.tmp

Filesize
6KB

MD5
bdb7511583be30c45a3dc0cbbeea0e35

SHA1
fd17d1a2fa87f60ff175efe1dde82abe17af4623

SHA256
75a747f47b27eae386cee3b90af742bbb21678332aca973ea996fba7d5737ead

SHA512
0e995a0c9bf1a1affc8153e66b7359dcc16f86269955cfdd78ae9e3e6eb37c40c6397f1eb2659867567f83dcfbabacb2d513768c7d21e992e9f6927ab69daf77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
7b3b7d8c99cf704fb4af742b5b07d065

SHA1
67c41ad38ab75779ea963a12c656981da133dd61

SHA256
c2da1d54a7ea4c294f3be8ee2e6bec28bf41a19348025e1b48db380b1491a362

SHA512
471bba96c657e4e81640e2adfc572ffbb23da477e20fd06e3ce4ec539f91fc532da90cd0d823769f008ebc95b8dcd00d6619cac6dfe594971bc67558054c5b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit