2e0a0e7e5d510f4274cd22ca2ed10f4bcca932a8cb2a756a47c13fb36a5fb58d

Analysis

max time kernel
63s
max time network
68s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
13/05/2024, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara_Updater.exe
Size

240KB
MD5

b89051e8cf348e69c0943b540af3b99c
SHA1

50200e338cb5df75077c6144884bf0ff6bf7cc7a
SHA256

2e0a0e7e5d510f4274cd22ca2ed10f4bcca932a8cb2a756a47c13fb36a5fb58d
SHA512

ab1e75c6ccf80fdd29bb35ec802032a46cf642e444ba392a2224cc025d05d78148f60bf81d4405b25301ce86b83e03d9249378864afa575fa6a61f05dea21408
SSDEEP

6144:poKbfO8otzIJZiCgq1gQb4KgLqMIuLRTK83KrAqG:poKzO8otaZiCgSgQb4KgLqMIuLRTwrAq

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600878839635114"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5084	Solara_Updater.exe
4928	chrome.exe
4928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5084	Solara_Updater.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1212	4928	chrome.exe	85
PID 4928 wrote to memory of 1212	4928	chrome.exe	85
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 3956	4928	chrome.exe	86
PID 4928 wrote to memory of 2288	4928	chrome.exe	87
PID 4928 wrote to memory of 2288	4928	chrome.exe	87
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88
PID 4928 wrote to memory of 3764	4928	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\Solara_Updater.exe
"C:\Users\Admin\AppData\Local\Temp\Solara_Updater.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc634ab58,0x7ffcc634ab68,0x7ffcc634ab78
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4004 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4228 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3236 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3852 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4328 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5224 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5708 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5420 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6120 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4052 --field-trial-handle=1840,i,12781489153013694649,11255070028911869521,131072 /prefetch:1
  2⤵
  PID:2128

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
984B

MD5
c35e6ec0e2817cb0a7ecfc5047b08eee

SHA1
51cca70bc1d51a7f1a1bce958bcb3d6b27825305

SHA256
954cb4ef93a827af93757f347368bcdbebfac4cea1060a9b3216d24839727771

SHA512
f93e6f1623565d09b430e67169160d5855250d667a6b87681bd7c5256dc6468813a5a9bc419a6f4ecf86f201a79276cdcedbe12afe8008d5b44bddd4d70f50ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0c83af1beb57c4f04e72988ac8cfbfb0

SHA1
58fd5224b169c85d7751fddfca090e3673b15e2f

SHA256
4706ec38adf2a2a5e9c0b9cefc4b6bac7b2990925327a4ad1daed09bdea07827

SHA512
510b6e28540ca73ef6c70c53dc69c6c2322ba63a2b24ab48c9967506a2dc0c98b73f53ec281c4f38a9c4ce79b3202896e107d7b800cdf19c7b6f16b00938b889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7de5eed0c6116a716a3a27e06fac61d1

SHA1
6e1fea3648388aebeaafdca78791357b398930b2

SHA256
c04d799f7699634bf49a15d768d2fc9a0f5e3672dd4d4c860fd4f4a6f2b75a27

SHA512
cc5565e51dabeb9605eb570d3dfd85216fc0589bfb8df38f783ad78892ef2a83129d093590e0a39da0b1e91cf32f26c658734dc9e1e220d833f71fee05f15095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91177d6ec38884df6e145858b747b793

SHA1
fd22d7997fda5abd10de81edea47eb7ba5770872

SHA256
48ca44652bb5ae3680ea9d3ca2b6eb5b0ad221a68305a5174dedb8bf0dc84e3d

SHA512
f54dd5997d17435c99f19195c661c44c7e40ee749d30f6828578b1032533ef77072903ba3b31fd3f0d67012e3ddbfb00888037fb14bdcf3917c983ed18629a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
ae28f35ec973855926b063c2b3c45347

SHA1
006ceca3e5def11b83b71a93e99b61b6214acddf

SHA256
808edb65abbc47a82d0844fbf70a24e3677709a8ff3d1d28d9e149834cf3c31f

SHA512
0c4338822919171a760cf51b1872191344f75ee7c4d8f1d030de917055353ecf5edcf0aeede30a03969f943973cf528b9f4736c8f43c7683fac994b239ddb693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
da48278c7c8cc981bf770abaf293cc9a

SHA1
5590bd86acfe3847576de73f7eaf4c94c9b44d44

SHA256
a1ebd0cdd32e6557747c4100ccfae6f4a920553bf2063b84f48f1899edaa70ce

SHA512
cbff07e2d3acf34e53a84603f99ebe46c1a860f22f8b2cd6cf7d14e60e986c30689ac9bf84f26742847cacc0ebb19ead22ce41b15fd96161ef969790cfdb3847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49bbb19cb8fa9f7316c8827b7132c130

SHA1
b7190b62f30b33f35e357ed9f46c72a690133c17

SHA256
efb7f5932be0b6b61c7439253508aba27c8de790878478452ab4059e9a381db3

SHA512
23629ef5014f5488abb4897900b62449178d59609b07cd6ff04562c0fc791d6b64076bed494177d3d9b2e6e131cd1434dece93e11a9c0ea262f123a59e4184aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9266193d0d77f311b420794dd6d8f8d4

SHA1
8b13b1044c52c265818599b4239a63da191cd862

SHA256
c43d0acb1cd9f56ecc64e4b6ad70b5b7120f2553fc0cad565cb98798a6d563cb

SHA512
920319776de0e82de7a84f742bbaa82779d7bc07d4c5319b8dd242a0ca3121795ae57c12669bb5e505f4d53d456a46384014a37a37fcb142352c690295e37288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a6c54c87f6d2faca21bdbb6f87bd7f6

SHA1
be80ecb25fb02c5458319a89fff3c9bbcd498b3c

SHA256
5fb7272d6a0ee5cd07d3678086ea0d70174caa180c37e940782c9dfffbf9c5fd

SHA512
af940c446ed463f43daf99ee658b1c1e736b518cf44ae1b95e64e58204a8c85c8163cc48cbea7d08f9eab6eef48d8e2c2b5329d797c5cd0b22146c32dade4cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
945eda952ebcb43c2aef251af2391369

SHA1
227b24849af1999a3e2c463fa56e2d3d51527850

SHA256
1e9938b00b668ecc4724adf719ac9def92b1b11b655d2b71941bb74b4c0a12a8

SHA512
c4444286fc6cd19d9cd52f200346a28bdbd5ebd1037265dc2e68f5dbeb5acc8da55048a8cdba6ad1c6b4f844b39ef3a227fd36e9b4f18bdab485f614515ea0ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cdfa3de32693c8eba1cb4e33a15f760d

SHA1
d66ea1a9003862a59248f55755c6996db603df3e

SHA256
e73fc76f6a95781d40a7108e3834a6374d9542ccda9ee711d53250d1f1ffcbf2

SHA512
7638707201113eb4b52e697562ed2c14adcdddfce3424c90243f1155e07f43bd57dd81928f573717d69c35dd501749c9cdacd2679733edd2493f4cef79362843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30f50e3bae511288c4b7b03430689691

SHA1
a67860ef20f11a62847b64cd78dde10522cf58e9

SHA256
accb8bcc3480302a27b2cfaa1e6e4b3d24d5757efb7450e210dae75618ec6108

SHA512
42c55bdbc89565461181ca8450a8b246d0a6a2f54964a50d680e018236e840ee6562ab96d2c2a881834e676b15efd69e352dc20fc88b38aee6c8e57816755300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
1095c87a37a601a933767e22c8603b78

SHA1
15fe805d49acef728e859559acf4e6dcefc51c93

SHA256
44ef7e2bbb710ba42318c75143bc30b45fed521bd625968da95bd6205af7656a

SHA512
619f73b5fd78de857af7608496f20b563f21cb77031b66447e22e1abd63e3b426ad9d8d9b382354552dfe7fad5cfc99910ef62ebeb40647156c5c04e25998246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
727217ca9eae50ab326307b5747abf56

SHA1
db1aecbe0a96324a33e849d9ee416c166e727911

SHA256
44bf9faf3ba37dfb598c078edcac43a25c0ac723f94c884e61337bba84cd8208

SHA512
b628ad5500b9b105dba200338c234879c2425e79bb487d4e1b8c035186aaf8a2d1fbf75f0a268f980d9e5a876d5402c3e9aadff3f7019f847242460aedc58cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
505292bfd60368f4600df06c6d79eedf

SHA1
d92c23567a71224eb02d75f424b2dcac3f0ae3d1

SHA256
54d78092098473ec90a329573b71f0438176b4c35eb7828d7c00914c2b4e04dd

SHA512
cfa1302320dd8cdcc5862500b3ef4706604d909c0b12d6637393898bc1b3957f9a0be6604debf4d34fe32338992af60335053e68cbf95f34736f6ea3f482dc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
5d1e903de7be1d3efd745f83c1d1d21d

SHA1
af113db65633c87fc7b9b2be967e02f871bea301

SHA256
aa773a016eeaa001a20674f48d6f35cd6ccb8d81b0d8cd8a26dda820b0bae0c2

SHA512
69da15f05151defed67dd6dfc84145c1fe9de7fff64d2aae81c9c57dc5136a9470604c35980af1056bf4d22f8edadd597b8b67c34f642b58785fbae21efdbf13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
1c5f65f2024612baa9fd1e61095a30a5

SHA1
12d708468d1050b5d0c17ed8fbf2dbb982b0be93

SHA256
9cfa8621546f66c91b0ae95d1c493741e75d603c784ce90698eccc18c8fab6f3

SHA512
943342a951742edf8f8f4215640a4fc133cfaef2d70abd94748ce92b3daf5149502a4cd9ae9c7a3cb38a828517464baa1d6483b043b28134813d42479b1982c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
84a5e83e3ad915748e17ca2fe2a49d35

SHA1
3fa0a42ef5f9f949a686cc2982b331d26ffee7d4

SHA256
388aeaee69b4b21edf7fc496ef04e1d7f5a6efe075b0444e067a65012c319bf1

SHA512
ac27afa5489daf5d03fe529f2230ec9645967dcfbe807f7c7a5197dfbb7ae2f948b9cba61cf11196aca55b8b1ddd3cd7a9c888e9c88c05f6c31e430f04de1de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57de98.TMP

Filesize
82KB

MD5
76cac76418025b4b1489f0c6155c69c4

SHA1
279359511dd281511d68b1d03b050e77fa780b8f

SHA256
d5abda4d8492084881058b260bb1cbd1cfa853017efb8245a080b910c26d6562

SHA512
54adeca63631714bf6217c37d5b8c4d2bfe7a0aaf663d1b98b92a1cf9732c28efad4ea37c697adb9173876fec4fa47432105d7e9ce7e55b8831f205d49610fef

Download Submit
memory/5084-0-0x000000007435E000-0x000000007435F000-memory.dmp

Filesize
4KB

Download
memory/5084-532-0x0000000074350000-0x0000000074B01000-memory.dmp

Filesize
7.7MB

Download
memory/5084-519-0x000000007435E000-0x000000007435F000-memory.dmp

Filesize
4KB

Download
memory/5084-5-0x00000000072C0000-0x00000000072D2000-memory.dmp

Filesize
72KB

Download
memory/5084-4-0x0000000007290000-0x000000000729A000-memory.dmp

Filesize
40KB

Download
memory/5084-2-0x0000000074350000-0x0000000074B01000-memory.dmp

Filesize
7.7MB

Download
memory/5084-1-0x0000000000F00000-0x0000000000F42000-memory.dmp

Filesize
264KB

Download