1c5cd32a192d6dce5634adcf261f21231e8b6ab85fc4bcb9797e1b13056a1f34

Analysis

max time kernel
42s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oyunindir.vip crysis.torrent
Size

15KB
MD5

004b16caf233eded177bc452de113d65
SHA1

baedf69b15ac5375f0da212585a8150f5130bed1
SHA256

1c5cd32a192d6dce5634adcf261f21231e8b6ab85fc4bcb9797e1b13056a1f34
SHA512

630befc87149bb2e111cd95aa6ac3a85db792b41fde5ef3b8d8619e56e751da0b7934b77376da7a33eb79edf8ab252bd41b6bf370bd7cd4ce063ef5b1cb4fefa
SSDEEP

384:k04h1BzKeZ3vIps4qtqCDjR4MpLWDxCFuMiKpcKNxSqiJaJHSWrF1slwDrOkYa+l:6U1r7xHOC8T5hEnfTZEYrZX

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2604	1708	cmd.exe	22
PID 1708 wrote to memory of 2604	1708	cmd.exe	22
PID 1708 wrote to memory of 2604	1708	cmd.exe	22
PID 2600 wrote to memory of 2560	2600	chrome.exe	31
PID 2600 wrote to memory of 2560	2600	chrome.exe	31
PID 2600 wrote to memory of 2560	2600	chrome.exe	31
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 2952	2600	chrome.exe	33
PID 2600 wrote to memory of 556	2600	chrome.exe	35
PID 2600 wrote to memory of 556	2600	chrome.exe	35
PID 2600 wrote to memory of 556	2600	chrome.exe	35
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34
PID 2600 wrote to memory of 572	2600	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\oyunindir.vip crysis.torrent"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\oyunindir.vip crysis.torrent
  2⤵
  - Modifies registry class
  PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1408 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3824 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3720 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2608 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2356 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3776 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1164 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2792 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4076 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3760 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4032 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2632 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1700 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2004 --field-trial-handle=1232,i,11479586970910250264,8549874501701204502,131072 /prefetch:1
  2⤵
  PID:2104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3a67624261efc8d572a5c2c1f907f56e

SHA1
e5276b4382b11ad66830ac58de73d8a2dd9f1588

SHA256
f9d87fe0e13aa35600d630630913e54e1bf7bc8af94c3502cccc6313cd3da8ab

SHA512
5b86f987045570ff43310c37d43613833c882c09e28e37a0185988ffa24b1b48136bc8a0dc6a6dc5e65600e73f68f09a148acff0bef3bd6f1f8b60a2cf3409aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edf75232f79f72770ceb9eefadd5341d

SHA1
bc03abdb032fb512e935b6aee9902488decef55d

SHA256
2afe9e3616805518de794bd03b839168583a0e48372d9323405f4488e1e683d2

SHA512
0632fd8337879e4c09cdbebcd240dda7ea8b8c0e1571f0e46723f659bfb59352c1a01a7d3509810936011110aaa0aceb3fce7e6ccdffa5d908890770a34b4413

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fd59784dc3c54ca603753c1aa36545b

SHA1
549b75da42dd24c906c8037166246017e29e933b

SHA256
5cdeb90afc36c21f653a69a89260d6f79ef7ecbc445dd9bf393efd49087c9cde

SHA512
33ca69a18adb2e800aaed27705870c411b1e74a419dd1fb3bf3f9b3db8947e172c2b48464996670697eff43445ae67583b0683363d0bbc2b52af10d58d359177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
560f8e910dae091449dbead5c67b665c

SHA1
d8ba031ccd689fd6b2d2ee5b8da2ccf1e3758c20

SHA256
87dfa1d860d7263d5c66accb5fd994f4b6400b2a818d33cf4be9a3ea92b17b57

SHA512
25b9258d470baef5884110a21f45f49461d7420216131ea90b6d991446ac6925ad2052bc62a6c5a6cd74a3ad57d2adaa6978cfd5c52e48383c541334a304ebfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7044a9baba8a1d0b2e941c90604806b2

SHA1
080e648fcf615e4728a2151411b29e1500581c36

SHA256
4d3203b768ca4ac9b0c6cc9c67aedd244dd4a775ff6e0cfe6978ada17b37cfc9

SHA512
33fc91576217893b9a66287b8a50c8534b5be0c996c7139d6fed0976632314c56201cebf6d869e735a3a74f4b045f127d2f0b9f490ed654cb6e4e0a66bff9ddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d56a8b239aeee580d7f0fbce34048b46

SHA1
1f58e64a0a5a335d5fec35e5aca1f5106102471e

SHA256
3b892201c35f47daf9885f7e10bd1c858642ff7dee4f237292a3e96f499b452f

SHA512
9d3a4a1b6473e92a31b77118ee3e71788652bede98fd908a81881fe263f0eb9f785cb9dcbd71178cebcf6512f940daac75a553e38d8c81132cc2c5cb0ada8d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
baa53165d5350df4127cec7ccaefb3a6

SHA1
a783bcde82273b44fa792b91a95a933a3e6de999

SHA256
eb27671243a3f4127889dd84995a45c2f2a5eadf1ecb51cca11694df571d95b8

SHA512
4296851eb2ef9694b6bf2c4164d2ffffa7bfdc81f7a4258170d77b6aafbfe38530d0b13004244275ce71d89138886c5bb3d92c35776f66f6f8de381b3e83219e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8baace788f4a2bf625246b70a4465366

SHA1
94e319b44d5d49c5e48884fe85d20339b248a8b0

SHA256
5557ddf47471c37f18ddac6503ccce62c6a23d54fef915f8e6752d8f334d0530

SHA512
1fb9a9fd7fc66da8e14f1b5ec5e68601d81d3e2c13bc722a46b498889c7ee09e0de0aeecbe8941c86da87de5b9eaf95e77dd7d3fbb0abf478e5208fdbad3b075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f19cc0bde3d748b8a19409bdf186262a

SHA1
f27a5f71f2972dc0a6c32d69e459593474d5d13f

SHA256
36379a7088edb8933c3393a9f75f8e4a8be2c1d093da4dfb06066dc5062b7f84

SHA512
da0c59adf22e40b1587d73f99eeb4d53c91be9e74e3991c35003f4ccbf138c7470ccce0bb2898404aabbe867a334ff9ba4430780f481324c32944e2f5ceb3966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4abc85de7d0221fefc8a75f90c81fb27

SHA1
d303ebf291ecc1f6ce5509ef3d320e25d85857fd

SHA256
602254e6d707cdd5b3b4b56201cedf5848f2e8135d3fb5919607467b2b6934f9

SHA512
c78577f1b835c61ac3c46bf93eed19474acd73ba812a0f36e1a84563c6be8ba0484da352312c7b0e2bdce0e9415ebeb9a8107f833268ed943861300a01c42a75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c82ac2db0e6eb12301ae664ded6ae82

SHA1
90891749aa93ed0bf3187badcf8d734f3dd3ac99

SHA256
5dc573391b315c83c3848c28b95204ba024aa8f0009bf73ad471abdcd7137580

SHA512
640db246909b729238fd591ea2c2464506b787a879a064fd7c0a9d0d54098fa8736b7d7a407f509bc8b8e873c470973cf1c446a4175823f05175fa548d535bca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c00e8f81453c5a119ceeacdb96c03132

SHA1
cbaca417de3e5188bf572e524234f7756011fc05

SHA256
b93191f664172ffb5d50f1a21710d3e01153baf23256774257558878ac7935b3

SHA512
ea2e3ee45465d447351c890f1a94f91eee57d836cdc164500848fda2e6330e8abab2df6910c5846dbc1fdec83f780beaa6fa7d23e53cbc9005e3530f947c5594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
114b3e698bacd59c9ac01e8eac8dd002

SHA1
5e2eef5f5262d537a665a33e64b8ad8a7bc8e6df

SHA256
5655e9c40afa4c2e803b022de9240ee8e072398ccedcc1fe044decc96e378e7b

SHA512
2274dc0d497cbcc91ea37eb5e80eae1440bb8473524945b31a4a00d131a5015f37c7ccb4ae0106b8b2a8b9abdc7e2227e32af33ba27f50bcdc08d6e1c06ea890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b2d938d9e90265afaa15266c3229837

SHA1
9391356b3978c4cfeb711a9b9a7a4746aaa32751

SHA256
4e2eb36c9b39d99724b32d6f2a401970575f5146839bf4c23f9620c1e851dc94

SHA512
ea57354d1287b76e44532cb07366053c208402dd21801189983ac366610e6e1bc26e4c767c275f86698774b4448810bd864b2684fba3fefd1df0cb1cc47f0005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cddb643354dcd5baf0a173e06cdd109

SHA1
f6003a0c1f73d28b58ea146f26eb733b05082791

SHA256
d2e650ebc27159e46155c256ba08b9ab48d382fd3621b27a9c4297c007e87bc6

SHA512
d16da4fc2800a37bb57351e13bf461e1779c666e17151b5b9aee9f93f9a89b0e36a0a15b25baa28a31f94025a2f17991038bd7f07a887e876937ebf27d5bb008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f72a58f7b97d921d8e5f5b1d1d0e853

SHA1
b68016afce1b4d183eb1187d710b3a3f1ced0344

SHA256
2ab35d41623ecb0760c7420e9d12e4a365f271ac6c369d2cf3e2a7427201eca1

SHA512
04d10c37bf02f78820cfe64f28015fcb3d223fd673c724f7bbd423e732a0776a08f2b9fea2b14fddfc6b449f46b33e9a775a68e1440998f5189aeb4a990b652b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46b1c014e5e6113ab2f3f63a6749c422

SHA1
afd31c75ba6d8c53e03618b800d52941e9feb430

SHA256
3ac85060d5a1ba9a6dfaebe7ab22a0e5167c9e551c21d14228a5b259db6be315

SHA512
481857f159ef51800d22a6704fcfd51b21adfcf2b7cecc81a49b1a18d0ca19b421a8cd4adb659eaa02155bc212a0cca6e7fdf39b8b8a0b60dcd5ea5ca83849fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
411aa8ba9b4952e7cb123353fa38c387

SHA1
da2e930af65a71e2a694b060cceda0bee2e2e3c0

SHA256
15867e2d76f9eef94efe6800d2a54038e7a5dca2be1e267f15ef12dc587dc5c6

SHA512
cfad8444dce194c8fe70e00f6945f79ab30ac4cc5506d111f98731ce4beaf83a6fa456f4d4c6f7333bcf93bebff0ff3046ea7cc13702cb67e3ed463261bd7bc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
353552c9d5f1a50a3e62af2f20f00695

SHA1
0e5bb940d02c903e8e9308d586c9b355f9aa0aa4

SHA256
368ba68cfe0f80c6875dfcfbd9a44e2665f720c4bf19090a2e71e20e1888a108

SHA512
9459ecef799a16e8fe730feff5ab59346665725d38469135fa90d4765043706f2b88a0bb728c7a43aaf0b6d51882bf3d902d6b5c1c4c40ad1b7df9aa9b132fb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49f88d80e70079e28aa2013fa95cbe2e

SHA1
9e435f36b20c841cc3b83bceb0106810a92c61e5

SHA256
97f31d0b4f26f5cf6b0c2b274180768758c03ccb98217d1095f5866974cc78d1

SHA512
32345b62e032e599a089a99d00a106da2d064e48574b5631f16ef665ef00581c7292cf032884bb02616f20bd297014af4a16ac3e661141f0c63cc88961a0a625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
9787b4f5d345796087f920da19e44c21

SHA1
c9cd8f4dd562e08cc014434e92fa0ce5d90f5d29

SHA256
9151c6273d178d648721d0407104b84a6e7eca145acc4ac4917a4607a1c31fcf

SHA512
f8023402f42a52a1e852df3d396f1cdff5e1963000c9e84fb5f4044300f37fb10571d7f8023ae24ab8bf3c742df577efcdfa4c7ea5fd1170c9c678e81c6cf7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0e1b2066-c387-44d4-baf3-837f3f06076f.tmp

Filesize
6KB

MD5
4fc80de114fb672773891f5c3e607977

SHA1
45ba032aa4cf2785a698b22052a1311858108f89

SHA256
fb9eab13357bedc5fe41a6f675fc6cc57c7e8c52532c95c114f2c1caa5794e2d

SHA512
1bb07185c07776e89ca58ad545074ec57c81b4765733c3242850c084f1d473d29e5645e8cb7f3449de49e2c26603a2c72add143f62a6bd1336a50b98096746e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
70b4d89bc34b730c3382fa004ae20cf9

SHA1
e8c5e49c9bd46f2e3799d956405009841cc0fce0

SHA256
7fd1132e106b35eba3c1936d0fa90ac84bcd31e943d78cfa88a9bf08e65ecd42

SHA512
6e25d145f28e0134dbfe6a26b28b85182ce3f311d6a6d2cd58d7e87e7c5175b3014318da17dc7afc97f3e54bbf2c3c50f43b6e829ffcfa855d5896852f710f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9568ca266057579a97a21ec416b5358

SHA1
e5c05d0674fc78e61e9789af6383b25c46278999

SHA256
be3875a20ff803cba556df552d4146546720b8d3c65501d3a896622285c1e1d3

SHA512
54ebbf8e8bbf579143816ddfa8e53125ac559ba295c51017c9cdda19152b661d43f03e8594226539c1cdd8adaee4e552435831500b377016b5d5909e3cf8bd9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4e6451a2388d58cb847fbdb961fa401d

SHA1
d6510527f0a9e8352bc701dfab3abfe3301e7b80

SHA256
321b5e1be281fb457481e1eb254e69567cf2bd2fa7f1d05be1cb2705cd58b2d6

SHA512
7a71084e5cbc9830fcacff5195614f3cd9e12d8ab9b02d5603971401d6b04b05b9e2417dcb0637a7d94ffc3fd69bfd3634d56641797fb08c6c1b1bddfbae321d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
20a574d92712cda0174dfb2387537bd8

SHA1
55843c12494bc8eab19c9119653d8fc5cd89a14e

SHA256
f78e3cb27e2649cf8625e1985ccda8638dc9fc32ee11f7f0890fa0e0d236d365

SHA512
a9d0e2b47704d1145a82a50fbca66130c2a30dc59ea9c7632ab7e965e386a5baeb68e2c20952d8bdda2e19eb0f8e2539e9bdd142741340515af00d93e5bfb8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3EF6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F18.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit