745231b114be9c085ecbe47d390dcaf2d7756af6f73705e92bc79028dd1a6d63

Analysis

max time kernel
39s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Detection (hwl).exe
Size

4.9MB
MD5

8e4a5b6ab6391d226e9114161b276f40
SHA1

1c70a1c8f796ca24c90e27c01cbf73e2bc1dc09d
SHA256

745231b114be9c085ecbe47d390dcaf2d7756af6f73705e92bc79028dd1a6d63
SHA512

8bdb8c572870abacf4f61bfc2bbb9d8e820387242d2b3ee07494072d14160cd501245af09f8618a790af991f3a3d03b172be68291fb7f86d3d31238a5733d2cf
SSDEEP

49152:Wm7UEpEucDlO5Z/e0k6KU+e69qSr9MlGwxFRnsB5XuAjJIoJgsbtEVjwEriD602N:HZi6DNkU5VnsB5XuhsMJOr2SRj4

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	Detection (hwl).exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	Detection (hwl).exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform ID	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	Detection (hwl).exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\bios	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	Detection (hwl).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\	Detection (hwl).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion	Detection (hwl).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	Detection (hwl).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2896	Detection (hwl).exe
2896	Detection (hwl).exe
2896	Detection (hwl).exe
2896	Detection (hwl).exe
2364	chrome.exe
2364	chrome.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	Detection (hwl).exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2896	Detection (hwl).exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2896	Detection (hwl).exe
2896	Detection (hwl).exe
2896	Detection (hwl).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2376	2364	chrome.exe	32
PID 2364 wrote to memory of 2376	2364	chrome.exe	32
PID 2364 wrote to memory of 2376	2364	chrome.exe	32
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 968	2364	chrome.exe	33
PID 2364 wrote to memory of 1364	2364	chrome.exe	34
PID 2364 wrote to memory of 1364	2364	chrome.exe	34
PID 2364 wrote to memory of 1364	2364	chrome.exe	34
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35
PID 2364 wrote to memory of 880	2364	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\Detection (hwl).exe
"C:\Users\Admin\AppData\Local\Temp\Detection (hwl).exe"
1⤵
- Checks BIOS information in registry
- Enumerates connected drives
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69d9758,0x7fef69d9768,0x7fef69d9778
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:2
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2196 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1748
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400c7688,0x1400c7698,0x1400c76a8
    3⤵
    PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2772 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2396 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4184 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4164 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3412 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3404 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Users\Admin\Downloads\Detection (26l).exe
  "C:\Users\Admin\Downloads\Detection (26l).exe"
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1312,i,4656359222332881466,10635911489079501742,131072 /prefetch:8
  2⤵
  PID:644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31aeb42d709100c058a4eb4b7ecd94f3

SHA1
b5d0a8f04c62b0ee678b3e80345805ea37da3a8f

SHA256
a3e97697e3129b6d1178a9069924abb4e4cb903d424679d30d2a10c1dc826229

SHA512
19551a7b3ec952ed3b95380c04201049c50a2b84130ffda38fb6013d4bc20c0534cb8de32c8bafd46a8fec3416165f08717d4d165f35001fa66db6605aaff6c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
124ebd3e505694f3139b6665e32850a0

SHA1
29d619dfd93e6753ee9380fc40caf06a709daf73

SHA256
60486ca09a10c871ae1c1fb9056e2d8d8b6b69310d8463412152411c3e7a35bb

SHA512
3915910b4b5f6ab41c1ac64400c07edf716fad771d6218744b5e3dbe67feec5ed2a48bdcdd926b55c5e1890f99767ef75f8ab989b976dc7ef8a531e8cb42a672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e5c65d028bc6158c998439cb9efbbbd

SHA1
1a2d0ecbed3fcb9b9b85f34e7d8e63c61389d47b

SHA256
08bb3d4592f426996360f1201b43f4b6f0f5b9d67155932fa7db36e1448f92c6

SHA512
42ebd7d601724f91c9aadf6f667cae2841262a7d5db99f79863a7f94013c6bc2a1153f992aa07c65b8ce6371b2771bd354990898ee11cb453f8d11bc86a30a31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb91abcfdd5349859721996f1c4d2967

SHA1
10ccedb3dcdb85c029fda1ddc576313bcaad6acc

SHA256
6e621945339571cdfcdb47b01a9df0e5f53bb8d29e01882f591866e4d61c8e7c

SHA512
38dec2b2b57466c9276d2ca4d2f114baceaf6b592e494bd0e0af7c167d9dc91ab8ad7ac3bc82ad2c52cd9a1902fc003249e9b428b0840f74aead046fb8c9ffb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0a69f096e475defbd308aa87d795201

SHA1
5d620b565050434d9d57db917f72860ea334f724

SHA256
d98d7834205db0a313072f86bf7c418b3d343ca04a5528e969fe66b6e32c88b8

SHA512
7896145a06a3482f05f7e0a6d0beb85233b48156f6ea0fe64a91b689072a7c9999ed061b9dbd476168dcdef427cfb1811981d46dc4a6b08f5c25efca3cdc3a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd51d136e58c3f5fd044e4596aefcf7

SHA1
63e86de12726cde387d5973a22be7f8db747b36e

SHA256
8e9b39d35099910cdd44b84869c1c1e680254b20fddfe4e889a524a541dccce8

SHA512
b07d800232f16924b10d2028ec62d90c612094321b6085b064b5dbf291b299f34c9320a4afa9d5c1202a446bd4ca47b87f36217f1aece34e660116c35b88b361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1c6d82158ac0484c68a2d8f3c644ee5

SHA1
974b1484707f25ee3561acc44407fef648f09b0b

SHA256
ae22a317dade0880482b0e7c76192e21c7ae141e824f20cd9c2cfc1e3dc7e106

SHA512
3623bc68c55a9164add967166a10e0d303bc8973d203ae39279ff6977b7d2bd723b584b2114201fec306311d608efa14bbea51317b52eae2c58880076b8f774d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
159576ca9fde6e02e20c1d076067ef87

SHA1
b660bc7085ad27c488756d096b15697516899a9c

SHA256
5fafecec660a15fad920ded7bec567cb98e1598e3b795f45153e3cc122c72a2c

SHA512
604b15696ebdb1929bcc4683c49be24b352fdc35b46a71a0c9c525dee6d60e94fe31c2fdee89189e25e68e371e9f3024eb09b1821c4b649fd32fc3f64c21f881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77f6fac95e113129c32ecb192961bf9a

SHA1
c0694323d6414234ead21c2a00d9422cc9dea23b

SHA256
be24ac5f46c89705c0dea300216282e18f404f8a252a43322ec75ef4ded4ad6b

SHA512
d5606222a664bb3ae172cd38f5f4cac97294d020980edac2d12c3075c7233160c3ea15c8b438d6322a6bf0d8135790cc8b621b4882799cc293da4592527fbe2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e5cbd4d0891bd7152e60044005263fa

SHA1
e81717ffef4371227c61eb2a384fe01b32eb08a1

SHA256
d8aec963c60854d0f736e56c848e1f3d46f84e0c51bbd30dede30bb82d00d9a9

SHA512
ac4bf06bb41d359b4c5882a6b4e1b7c5c4a9ada60b526720c0cbe76f4f8a4d3c9bf7c2e816214c5afc095c37441ca95fda4bb6703980e7fa53644f543f5dbcb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73467e5872f0a7d50172830112a20386

SHA1
07cfdf61319f13ebb23133e0bf6aef6206432599

SHA256
8740948ef8dc39a6df6dd7454bfb65b4e4fa6bd7526e7e94be6f4e7683ade39b

SHA512
01ec4eb666135b284a7413138091217cbaf7f10a39858cd7e5388a48464f0e0fce3e3a1fd5f3bc69549b0c58f2ebbc1c60d767189a47daf50f34c708712aa661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cde194750136c1a5a9270a984f12a367

SHA1
a5e6d6f21ab0ff504d831a9327e4b176083f1c86

SHA256
9938bbacabcdf1cfa07ce1ff7ddaedaa39575e2492ff117efecce5bd6787ffdc

SHA512
1e7035bbf8ca4a271cca80069bce05d150c6f5465441fa3cdb3497c4272984eeca7f5777a5db9aa689f4422c256aa312ca621ec926d6e92b6d4e550768669f55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cdf47704991cd6746a6aee5274eee6a

SHA1
9e3407d6bd87871db265db54cc2a78559d6af29b

SHA256
038134233e42985373a506066edf2006ba64c654bbb90e507328f3de90d45a77

SHA512
4b4fe32e24e122cd5d77bcd1ee6bc4dbb8c33fe84d7d811f542f0daf406c5b0b00e1c5b47673a5ae2d116eafa3c986900382ab84111ffbb96a404d3423eb7491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9e2934757b6beebb849827100c60ee5

SHA1
b4ed722abf6b34196296325bd05e6e7b19bc071e

SHA256
2e494459d82609e8c55d673b910e0fe674039595d8135396448a3b974f776e5f

SHA512
c9661938859a13b563f23262b63e307e31e5d11af4db768004cc9a730d4bf3aa3ba8fa6dc8f90982f3b5dcb6dfa7a6c436450f1fdeadbf268eea76f871f733be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63c234d82a218851d92d6e625ce37d51

SHA1
13beb2647a31ef00b59701657e1871adbb88c8dd

SHA256
677652122f8022f81caecf28fc0b2368a60d771d7478ff12aadb05b3db9c5ee6

SHA512
087be14615cfe3abf1b6adb439077c21d4f679ff50163e6bfaa9eebe252b33a58833d94fb2c2ab1da144cb25225eb930b9d3c356b3379557401e75f94a66346a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
5d5fb335199785c391e530af01af32dc

SHA1
a609da6a97e75a427f3e044c1ade02577c21d582

SHA256
e47ee4e20f2754c2efc903e269043df7daaa8e43d305babf7bb6e2df12d8ca72

SHA512
8df8ab3204c92075964e273074efa6958fefb0947a6f952b8a15e246ab280d3cef9d153afef1a398f04b6facde2eea1149f7cbc65a27909cab4b9b6affd52231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0c503185-6b2b-46c3-a019-969f2974746d.tmp

Filesize
5KB

MD5
7078e100f6e0400d0b558cb5f089a091

SHA1
563545db4146619b17c2055e1dd90efdc1a02faa

SHA256
670629397c87cb3ec4c4beb07b7ac7099d52fd18dc7ca7d4bb68b1db752a3172

SHA512
3c36f0e00540d5178868154c3dc6bd8f6bfd6ac39ef953a62dc224e81ac0a6c554fa6645820aa43735c6079a570d1e2d7750b1864faff225a2250eaad6c6953c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
074b2391d72ce0c6ac2cd143540d30f0

SHA1
21ae5d0ea82f6d7d9fb93855707f4d6c5e119820

SHA256
526d8c259b76ab089977b2f44809121d6acb36ca3e4cdd0758229a401e0524e5

SHA512
358e870e92b5c753d1388f5b86670571e433236725734e0706e95d8e54faca1e345ff8bc0fdafa571f505f824a1891c34ff2de6e6d72a604bf0a672badbfb472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf774d26.TMP

Filesize
361B

MD5
dacc37274009c8102aedcd376592587c

SHA1
ba2b3f8e7d812e13b1bb1f8d6cb733344af446b9

SHA256
95161f4cea63515d7ecef97677630d58813c712a955a71518df569bcafbe0dbc

SHA512
8432a058976e82c1f324213edb2bcb4759951f089262c43ddb27d18ea5d50ae03d54cb589c1428ab146bbb657b2a4795b110063e357a34a40ab2428748e35643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
68cddd02391aec0bc28ababa76122916

SHA1
ae1088ae6add87dcbc358dc8f88dd8a3cfc81a41

SHA256
e98f9ed7b8fe7e8bc91040c44590f268e257228aadb4d09e3932b2e6a4f32ef6

SHA512
929b14724f8b58bf6f0ba4ec679396f6bb51a9f4570445140c18f64e9e739393b54438633edf033dbf53bfcb28644950e54721bbc3713fb854265d40358a8636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
50973802d5043a6f8c5cfb9abf36f7e8

SHA1
e7c2c6667518577569d3856b8fef12a0eebacf93

SHA256
04b85cbd724e2f6e8539054f673072781522d6c68b679a74214589a94a5d3f56

SHA512
940e7a4f84291827daa0d54a49aa244016bcf5c6201e6003a6239f8f060bf1bb53b882dc25e839dead29e43330f75668bbc7a1c77617c7356c0e2e0adaaa616a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16f1d5f94ce140a0d0472d67e121a7b1

SHA1
2b720d06e482747cf52ac20e136300ee49424cfb

SHA256
61f6a1ec7ae7e3d98394a386b2fa99c6d719d103e12c0e3b8decdd59bc479c01

SHA512
4b161c45b967ac6b729d9039d2a08a7a961454b78b93b92ee685be80f95b5166eaf7caa58cd6d34230162b255850d2f45641122825f7bc3e2f6be55d458d89eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
d0bd0f9e9c36c4ef8aef1436e451ad57

SHA1
5fe8f710462ad4155d19ffeaf9e14902b7102e0a

SHA256
507930136420e5aa989e4310feec2ecad10983f5d283c5b144d3110afef374a6

SHA512
e0d4b82aaebc84a9f4371fef5e20ff1fe04772983256bcad7e3a69c0c874ff42275b4a8feba8f07b943ca232c3d8604296fc042e8692b75fd9683983a6152e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
e44497f6457fe57abd4a320c001abfa9

SHA1
214f146a4b7730abed65b017c733406b7d2f9674

SHA256
860fb53cf001d3032d0e13356e0884bd70c21ccee0a750bbc4ae19705921fac6

SHA512
ef69cb2393772e6a32bb92ba2749b68575e522f02d4447bb8a3d0cfaece7ed7c55938e773497c32a6f118501d3b25fd052ae97fee33d3bc72cd0e39f121cc522

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4522.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 261865.crdownload

Filesize
4.9MB

MD5
8e4a5b6ab6391d226e9114161b276f40

SHA1
1c70a1c8f796ca24c90e27c01cbf73e2bc1dc09d

SHA256
745231b114be9c085ecbe47d390dcaf2d7756af6f73705e92bc79028dd1a6d63

SHA512
8bdb8c572870abacf4f61bfc2bbb9d8e820387242d2b3ee07494072d14160cd501245af09f8618a790af991f3a3d03b172be68291fb7f86d3d31238a5733d2cf

Download Submit
memory/2056-1009-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1033-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1007-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1006-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1005-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1004-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1043-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1008-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1042-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1031-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1028-0x0000000002650000-0x00000000026AC000-memory.dmp

Filesize
368KB

Download
memory/2056-1029-0x0000000002650000-0x00000000026AC000-memory.dmp

Filesize
368KB

Download
memory/2056-1034-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2056-1032-0x0000000001DA0000-0x0000000001DAA000-memory.dmp

Filesize
40KB

Download
memory/2896-4-0x0000000001D20000-0x0000000001D22000-memory.dmp

Filesize
8KB

Download
memory/2896-2-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2896-0-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2896-3-0x0000000001E20000-0x0000000001E7C000-memory.dmp

Filesize
368KB

Download
memory/2896-1-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download