hxxps://ungothoritator[.]com/?rb\=wm19d0jhhjxinx5n5fv9dhcjcqbbay8fqk_hskg-q1jdw-ptva6jfpmcy8dlgkgtv4fnwww3pg88emv64s2sleysf7dehqozqjh1b_seynnu7tb8h5vyrfkgyxxshtz4nrw6b73jbfxz5kkxmhgvpak9snqkchmwuiewytlkyzkil6q7k3w7rcn_v7jgji1erkekjucsciipzh_iwwpon9ehudfg3iokwqxpu1l40pkodxxxayxfhcuw3di0lzgh_zrallpzpzzqrv57422w3qawlncuubwryf--w7lg31c%3d&request_ab2\=400701&zoneid\=7045273&js_build\=iclick-v1[.]728[.]0-rc&jsp\=1&fs\=0&cf\=0&sw\=1920&sh\=1080&wih\=912&wiw\=1920&ww\=1920&wh\=1040&sah\=1040&wx\=0&wy\=0&cw\=1903&wfc\=1&pl\=https%3a%2f%2figetintopc[.]com%2fwaiting-resource[.]php&drf\=https%3a%2f%2figetintopc[.]com%2finternet-download-manager-6-idm-free-download%2f&np\=1&pt\=0&nb\=1&ng\=1&ix\=1&nw\=1&tb\=false&btz\=asia%2fcalcutta&bto\=-330&wgl\=angle%20(google%2c%20vulkan%201[.]3[.]0%20(swiftshader%20device%20(subzero)%20(0x0000c0de))%2c%20swiftshader%20driver)&js_build\=iclick-v1[.]728[.]0-rc&navlng\=en-us&pnt\=-1&pnrc\=-1&bs\=7bf762b3-ab15-4d73-9a8c-60eeb3369062&userid\=00801bde78d24f24e2320820f0544dab&os\=windows&os_version\=0[.]1[.]0&is_mobile\=false

Analysis

max time kernel
303s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ungothoritator.com/?rb\=wm19d0jhhjxinx5n5fv9dhcjcqbbay8fqk_hskg-q1jdw-ptva6jfpmcy8dlgkgtv4fnwww3pg88emv64s2sleysf7dehqozqjh1b_seynnu7tb8h5vyrfkgyxxshtz4nrw6b73jbfxz5kkxmhgvpak9snqkchmwuiewytlkyzkil6q7k3w7rcn_v7jgji1erkekjucsciipzh_iwwpon9ehudfg3iokwqxpu1l40pkodxxxayxfhcuw3di0lzgh_zrallpzpzzqrv57422w3qawlncuubwryf--w7lg31c%3d&request_ab2\=400701&zoneid\=7045273&js_build\=iclick-v1.728.0-rc&jsp\=1&fs\=0&cf\=0&sw\=1920&sh\=1080&wih\=912&wiw\=1920&ww\=1920&wh\=1040&sah\=1040&wx\=0&wy\=0&cw\=1903&wfc\=1&pl\=https%3a%2f%2figetintopc.com%2fwaiting-resource.php&drf\=https%3a%2f%2figetintopc.com%2finternet-download-manager-6-idm-free-download%2f&np\=1&pt\=0&nb\=1&ng\=1&ix\=1&nw\=1&tb\=false&btz\=asia%2fcalcutta&bto\=-330&wgl\=angle%20(google%2c%20vulkan%201.3.0%20(swiftshader%20device%20(subzero)%20(0x0000c0de))%2c%20swiftshader%20driver)&js_build\=iclick-v1.728.0-rc&navlng\=en-us&pnt\=-1&pnrc\=-1&bs\=7bf762b3-ab15-4d73-9a8c-60eeb3369062&userid\=00801bde78d24f24e2320820f0544dab&os\=windows&os_version\=0.1.0&is_mobile\=false

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548164155339873"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1076	1936	chrome.exe	94
PID 1936 wrote to memory of 1076	1936	chrome.exe	94
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 4992	1936	chrome.exe	97
PID 1936 wrote to memory of 1364	1936	chrome.exe	98
PID 1936 wrote to memory of 1364	1936	chrome.exe	98
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99
PID 1936 wrote to memory of 4036	1936	chrome.exe	99

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ungothoritator.com/?rb\=wm19d0jhhjxinx5n5fv9dhcjcqbbay8fqk_hskg-q1jdw-ptva6jfpmcy8dlgkgtv4fnwww3pg88emv64s2sleysf7dehqozqjh1b_seynnu7tb8h5vyrfkgyxxshtz4nrw6b73jbfxz5kkxmhgvpak9snqkchmwuiewytlkyzkil6q7k3w7rcn_v7jgji1erkekjucsciipzh_iwwpon9ehudfg3iokwqxpu1l40pkodxxxayxfhcuw3di0lzgh_zrallpzpzzqrv57422w3qawlncuubwryf--w7lg31c%3d&request_ab2\=400701&zoneid\=7045273&js_build\=iclick-v1.728.0-rc&jsp\=1&fs\=0&cf\=0&sw\=1920&sh\=1080&wih\=912&wiw\=1920&ww\=1920&wh\=1040&sah\=1040&wx\=0&wy\=0&cw\=1903&wfc\=1&pl\=https%3a%2f%2figetintopc.com%2fwaiting-resource.php&drf\=https%3a%2f%2figetintopc.com%2finternet-download-manager-6-idm-free-download%2f&np\=1&pt\=0&nb\=1&ng\=1&ix\=1&nw\=1&tb\=false&btz\=asia%2fcalcutta&bto\=-330&wgl\=angle%20(google%2c%20vulkan%201.3.0%20(swiftshader%20device%20(subzero)%20(0x0000c0de))%2c%20swiftshader%20driver)&js_build\=iclick-v1.728.0-rc&navlng\=en-us&pnt\=-1&pnrc\=-1&bs\=7bf762b3-ab15-4d73-9a8c-60eeb3369062&userid\=00801bde78d24f24e2320820f0544dab&os\=windows&os_version\=0.1.0&is_mobile\=false
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3b59758,0x7ffae3b59768,0x7ffae3b59778
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:2
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4816 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4904 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1804,i,10180346745993786645,12923354894997468957,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:5888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1ff4c0dbf24776c9d86d8bcbc720a72e

SHA1
3777cd31a38f568a4b04ffe6c36afa74f051c810

SHA256
6c6e264a5807ed9de8caf66a236079fe5122f57a2b7eee89a431480e6c19dab5

SHA512
518de91913748c7ee76fa667b3d1ea734e32e081f78d25aa6be7269092606aacf4a4f661b1ee23b4935db7e7f598013edd9125174d89b9880fecf5ff504e51e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9dc6bac12e9eb5f871a3103584561c34

SHA1
5161e3e65925f2ed3134b18a62d8047ef539097e

SHA256
c20423355fb21eece288d8fd59c2e4b4f464d22abfd8ab2a4b2127adf9649e03

SHA512
935e93eac50cf3da54932570ce50872b054b69d60ae1cf11cba83b515eb2df1043b3a8c7690bc53a2afc9e669aa7c0164585af2bad82563a335a7ec8b13b11ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48a4e5f6e19d40f05f632e2e1037a29e

SHA1
b8a43b863a42b1b13ba62d5348af749cfbd7ab34

SHA256
e21ef18e94f8d228a68c5953f5d842a6e75740495760f45f20c7f972e1c551a8

SHA512
a8be842fd3ac152516ebf3464eed2550c1940935830bda99f4a6155c6d672bdebef08d1698ba7fa747737e35e1451f5baa5516651767730bd08d5e4b26feb09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7eb233652a290e63784ccd15ad5aba65

SHA1
bf771bc057984c5e4bf6a97b4cc068e582f21f30

SHA256
235c17cdc3b0a69dc3fdfa8372237aa5b9ae711e3912be417d191e3654af97ae

SHA512
c6932c9cc608221fb09864fde43fbd7494e1898ddca5ac6e496714da1450a0d36874fda97ac919a051bc9ac98f8293edae70e5d577888ff0712a2e631502e8ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
66b14eaabc6eef35d5f5e249c2f36394

SHA1
a14ba477dbb0efda071a9aba53fd5834819538db

SHA256
f335c0bf4562e6f3afba1bc4846f59b1801e8686102a36675f3272de82fb232c

SHA512
22b13e6e0567286b22ab8ebc896aec071f73ea2dfdc319ca80bf109625f90ecaca530439fd5ef47380a7344595cfc3e1893a49a13038520e3ae3b243d9e71de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
04d8e96adfa9b643528794c432b2bccd

SHA1
09b986a247c08ca896ba646d01826ce404d6c52a

SHA256
10980a4b26e2b1f1e1c366a10818c86aedd21df6d7fef0759afbbe763abc5a06

SHA512
094d25d78fd0fd6aeb0e51f0266d91b4a9f26ece8db244e842d5b72db897bc509bc8dfdf0a2136454a0c749c18498bc9c3a32cb1c6f426b419f6bc403ded4bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit