69906591fefefd4633a7c7af2876a3b132d35c0fbedfad3ba26181d44411e423

Analysis

max time kernel
89s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 11:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ReYANG-main.zip
Size

35KB
MD5

0db8aa37f800422b9461e48dce82965f
SHA1

820abc945edee4080259875a637beddb08a4346f
SHA256

69906591fefefd4633a7c7af2876a3b132d35c0fbedfad3ba26181d44411e423
SHA512

a66a0247889bd5e00feba40c893ab7c22a87f2b35e7578cdbb797858802b1510d2444b11497c54268fd667ddf39fc292ef60325f141926c47551c9005d04d714
SSDEEP

768:yCER7pNX8nL9XhVCqxEqdeRZ2glz0sKXtuUv:HER7jMnxXhwwdgzdKXMq

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
223	camo.githubusercontent.com
224	camo.githubusercontent.com
225	camo.githubusercontent.com
226	camo.githubusercontent.com
227	camo.githubusercontent.com
228	camo.githubusercontent.com
222	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1712	chrome.exe
1712	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe
Token: SeShutdownPrivilege	1712	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1708	1712	chrome.exe	36
PID 1712 wrote to memory of 1708	1712	chrome.exe	36
PID 1712 wrote to memory of 1708	1712	chrome.exe	36
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2108	1712	chrome.exe	38
PID 1712 wrote to memory of 2236	1712	chrome.exe	39
PID 1712 wrote to memory of 2236	1712	chrome.exe	39
PID 1712 wrote to memory of 2236	1712	chrome.exe	39
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40
PID 1712 wrote to memory of 2220	1712	chrome.exe	40

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\ReYANG-main.zip
1⤵
PID:2280

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60b9758,0x7fef60b9768,0x7fef60b9778
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1608 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2352 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1612 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2624 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3340 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3916 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2052 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3848 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2416 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=580 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3716 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4128 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4072 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2424 --field-trial-handle=1420,i,8195805067451434962,6133445780653509128,131072 /prefetch:1
  2⤵
  PID:3028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13b76dfa4d188d2194f5dffeae8e67c7

SHA1
f13fb8f3d6f19b56b064aba53d1c1e350d117adf

SHA256
651bc3ba8156394847c67aea7a31ef058b8dd75ffb5eb10c7199b99a121b0ca5

SHA512
645cdaff55de5b5b84a89413bcae99dcd0c2dc8903477418d657c4ba8c30a21b4d546443342fa7cbcc68d4068c02b4c94c39c45d2a8802bd5cc91cee8a53b3e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84ab6c50e149dc673ae8559f8b5dc883

SHA1
f455ab5206ba1d8d06d855b0239037a92eb588a2

SHA256
e135ca05f6faa00e914ff3d0687104789e6f2d1d0349356d15228283db9768bd

SHA512
0ecba6cdd3ce4ef617c4cf1a46a9749e4d7bcd57d9f786a3ba426996dfbe46e8edc363ab328d2aa63871d198b1866a23d31947f5a9477d142832405ccf61962b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
68KB

MD5
f203d75a70ada036423e83070526987a

SHA1
06e072c8d3880fb8cab740f01308fc44cd211029

SHA256
9eba99bb152b450919ff7bddc78c09e5eb0c857659b4fd593c94087d289ab255

SHA512
aba05ffe088c648093719cf2d25fdf46a7055583aa496dc8ef6b15c2ccae8d82c91d102edeec3bca5d6556a90c6d9cb03d688f5ba83f7fa87e1745c06a6d5f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
324KB

MD5
8a0e641a47333f5915945b3b64df19df

SHA1
f568c61dae06ff84b08b9451ceeba1ec5b723da5

SHA256
ff6ae2ff9d1dd874aa31120a6020091ac47aa8f97706cc802a91ef6c645d272e

SHA512
d5b5d31361fe41c7bf2e3f2840642407a607dd9ee12ea4c983243e21a11233742c1a0ebf6603174217113a5655bb5b0b11dac95f776a6a50c0c02ba365c1f8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
139KB

MD5
24c4c4e82e2abb31216eb780250f3254

SHA1
ad9ea52991ecd836b559e9b8e7a6786333f153db

SHA256
f140f630da9d4630885a7c458fe22a8013a5fe705f7baa421e50656c6f4abf20

SHA512
ffb9c710be3820e03e1585269317900102f8f20afc1fd0b02d64128609ca88bd2cddc5fb30f597d9dcd27ead7af0d332875cef8ee781ef1561562dd8cff9b4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
248KB

MD5
c2466359cd8549f908dd0540c3d0c5bd

SHA1
e0ea33e5b97d325f112657c75a7975c1d56f297e

SHA256
35d742ed94d24e6fb9e47d96aec2b4e1021c130b85357ad1ace310dc48ef6d42

SHA512
1f8f2b025e6bb6a46e5fc35a000f32d86ad063de67c1394bb48ad00e69e76b8b4605f4a93801220224c41de66f1d8a073e47ebfdb08ed2e0d73e323265a9d9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
160KB

MD5
6a2c568cb397fda8906149200b696ef0

SHA1
635dedf6cde57a3a3c82a26598a187252816ecf4

SHA256
efa84572ca636981bc0cb766725abde6acedc23991b09520da99be2b693157e5

SHA512
b057da712787a853bacae5839713f87d32251a27d9269e7ceb01f110ca843a23b0bed928628d91bc85087688d16868864a1cb74f2e60cc2b89e3a462fe8dd3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
41KB

MD5
18217e12b9a6780c97b07ffdc86344e8

SHA1
f429e8b4fae12cb2ca6bb026ae7ed65fe357fb74

SHA256
d0ae1460084460ab2fcd7e361e9ade3b58c95ecc90d4e2e8a7b10f509d9b6113

SHA512
46db205c0877c1ddb409b9af3b35b7e336b72c1dc46d29a8604485c78910e6388662f69aee976f5adc4a95aac86b3662547d251899843393d082578ecf790f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
219KB

MD5
1a81f500b463d9db19662ee494c7eb41

SHA1
41ea7fef791dc238156a69ddd9e380fa2f29ea6c

SHA256
0be4941bb0be1f91c484ac2076c2a89fd0bc5b3599b4c025f804aa5c5df699ae

SHA512
6e8263e8f5adbe98e1cd10da1f9cd2972d3d39ecaa01967b1801209d0a6c34c8a9041a2d34da4b39df5746873f3f3f8cdacb90a415584628009403347a182f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7758e9.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
695b57022573dd7913b83cbd13e6d3c3

SHA1
256060a48be27ee3cf2c5d211bad81c77061ae2e

SHA256
166c1d020115d5021776bb83845b38d0c0344594c51dc5e7c21802b8c54b3237

SHA512
635ad17b953b7b88cc07aacdcb5735f2299fa2fadfd3a6e2d75ee6e2fc7678f85872215404a71974f8c3fa555492221e3ae4a5d589f32c820be809afee7bff4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
5ce910f37527ae4f953ec6ba3a5b9e3c

SHA1
91dc63ea2969e5e6a321d099e5e5dbbe9b535cc1

SHA256
4d01a9068141c19f86b405634c321e5af40481f97fe7f24aef753cb1d8fb89ac

SHA512
99c4a7d7e885d94f8bffe114bfd498140f922b14850c434db5b2c1d64ca0fe192327db5f49f5143c882bb06a5aaf81e1337d6f696fcf6ed77d8260e8cfcee99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
49277624c7c88d04e15c815b03f2b8b7

SHA1
c760698ad6dd576dde6b6c24388dd64fa08e4862

SHA256
aa1409320d6d03efc333e81c0691244aa929b3b4f3a7c53abfe637fd7e269ae7

SHA512
39d1eff6914f25197f8d0f357567ed7419f51bfccd07365054c6702f945cf0084b45acc15a3c0729063fc73eb04f5fcfa18eacfd5a4e211391bf52d88d442669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
723661883bfae2a3ff9fadb71f83d29e

SHA1
aa1851256dc9ae7e2eeec740e1afbd5700ad77dd

SHA256
c3e15568b81fe8b969facfeb91d49695a0d10ed78f786837fe92d08c3f779463

SHA512
eafd4d8eff2201399cc00689312419d6143c4b168e018ad051e3caf59b0e8039668af1bc7838e09b7d3ae6d2df01c06e60cb40b297086cfcf48783aa54d9f18e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ea301c8558169e7fb1c13d12b3ac26b

SHA1
20d77c54cdb5b9f4b62c8226785b27d8e6e7be2c

SHA256
59cb4880fde39f1a75e39dae4cdc4aaade8debe96e440ef1d911810f85753716

SHA512
dab1d1114726d6b98f248eefc91472a11fb59e0bb00755b1cc28cb59fac03c494ca5412bcc6fc0ff95e757fa390dece7c6f54ea5cc88c411373c386b8b6c0f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
37669660f9dc0664bfa71bca4619164c

SHA1
112b6925e377f4514c7a6e0e9e38c57b1a7df11e

SHA256
5794bf65a30043ecdf4547a56c2c9d871f9f6caa5dae41059294f721dc39a4a5

SHA512
23ee7b7b37fcd79c560e5a1e51683a461a74536f9701c11554395f5f09081b9057f76165ce983568c3c8921a0cec71c43c0b6533d2df4850feaced2b25af2fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f77685ed889711973897744357b772bd

SHA1
b903709b19d633447de93aca071133ec4781ed5a

SHA256
e0dc731661b1b7639f5977328fedacf09ce7ab5af5efde583ca4498b62285873

SHA512
9283bbc18e8ab24134e26700e1f405d6eee9c850aaaae7b4fbec17390db0cf7f1f1eb362052ebafa227d6ec566123d14e3324bc9a5ea036e266e8f9e7e66c60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df860e687a5ba3d252ebbb2dd81ba752

SHA1
107e5e08914e80863165cbb38deff4af0c631f48

SHA256
4f1b67118c93c10efe21474944e2b61bb066de0e6350dc3fba2eef2a5005618b

SHA512
6f811a2d06c6fb3f337fde92f42a27df15b7c321ecc76d71a6fad7672a4926a75d16a9f14872e137dc996d026e6dc83d8209b78533cf0f60baf71a2d026a6b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
0cba568dabd238044d987c91d6e0fe7c

SHA1
9f01a9312866fc680f09a026ed4bf8f01989beb4

SHA256
0edb2999187bfa5012e0996ad61936062477b2961d98a64796292f97910b0e91

SHA512
b908fa120b9aca508567c91d6b5cf581ce76adb1111bc76b076730201908f03e89d45bb9df1313127f49ed4bbb52a2845484dc0e8a091655893070edf2bd3707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
6032ddc223114df1ebb3860d66056fdd

SHA1
f7a974dbdfb6e070a8336ca98c531279ae963767

SHA256
835aab127c532430e4b47937ee083491625608d7d4f8c3a44b3fd076286bc5dc

SHA512
340328312f50d3e9b35ec6c35c840d282c604fcaeafb6d5714e8c61df2efdfd7b12a30acd9ab9b8990d053334100903b9ea5a1a9a4b38b6f01d9728adc180b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a80fd9cd-495f-45cb-a3cc-59b883965857.tmp

Filesize
278KB

MD5
8512647a347d1a07c3c7a3c8bd04bcee

SHA1
f810cb320140ce09a58e4592c98474366e1a1fad

SHA256
6eaa5f41898d7b16a9b3cf3980844d177d4c881362d39c3f342869f3ec7203de

SHA512
80cd1353ea10f8721b3319f0620394e902cf9c93c3fd64f2a2b7363117705f4f04120d282a0f0420d87442685f135acbfc86ca98edb4fe91579d8f058488d23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3EF6.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F18.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit