Overview

Score: 7

Tasks

Task                  | Platform            | Score
Static                | static              | 3
sketchyori...632898   | ubuntu-18.04-amd64  | 3
sketchyori...632898   | debian-9-armhf      | 1
sketchyori...632898   | debian-9-mips       | -
sketchyori...632898   | debian-9-mipsel     | -
sketchyori...175893   | ubuntu-24.04-amd64  | -
sketchyori...175897   | ubuntu-24.04-amd64  | -
sketchyori...175898   | ubuntu-24.04-amd64  | -
sketchyori...175899   | ubuntu-18.04-amd64  | -
sketchyori...175902   | ubuntu-24.04-amd64  | -
sketchyori...175903   | ubuntu-24.04-amd64  | -
sketchyori...175904   | ubuntu-20.04-amd64  | -
sketchyori...175908   | ubuntu-24.04-amd64  | -
sketchyori...175911   | ubuntu-24.04-amd64  | -
sketchyori...175917   | ubuntu-24.04-amd64  | -
sketchyori...175955   | ubuntu-24.04-amd64  | 1
sketchyori...974.gz   | windows7-x64        | 3
sketchyori...974.gz   | windows10-2004-x64  | 3
unicode-wi...lib.js   | windows7-x64        | 3
unicode-wi...lib.js   | windows10-2004-x64  | 3
sketchyori...985.gz   | windows7-x64        | 3
sketchyori...985.gz   | windows10-2004-x64  | 7
sketchyori...987.gz   | windows7-x64        | 3
sketchyori...987.gz   | windows10-2004-x64  | 3
sketchyori...ERE.7z   | windows7-x64        | 3
sketchyori...ERE.7z   | windows10-2004-x64  | 3
sketchyori...~~.cab   | windows7-x64        | 1
sketchyori...~~.cab   | windows10-2004-x64  | 1
amd64_dual...64.sys   | windows10-2004-x64  | 1
sketchyori...ab.lnk   | windows7-x64        | 3
sketchyori...ab.lnk   | windows10-2004-x64  | 3
sketchyori...~~.cab   | windows7-x64        | 1
sketchyori...~~.cab   | windows10-2004-x64  | 1

Resubmissions

Submitted         | Analysis ID        | Score
12-06-2024 17:05  | 240612-vmcamasdqh  | 6
12-06-2024 16:56  | 240612-vft7vsscma  | 7
12-06-2024 16:50  | 240612-vcjxqasbna  | 6
12-06-2024 16:40  | 240612-t6wb6swank  | 6

Analysis

- max time kernel: 72s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 12-06-2024 16:56
Task list

Task                       | Sample                                                                                          | Resource
static1 (Static task)      | -                                                                                               | -
behavioral1                | sketchyorignorant-main/21632898                                                                 | ubuntu1804-amd64-20240611-en
behavioral2                | sketchyorignorant-main/21632898                                                                 | debian9-armhf-20240418-en
behavioral3                | sketchyorignorant-main/21632898                                                                 | debian9-mipsbe-20240611-en
behavioral4                | sketchyorignorant-main/21632898                                                                 | debian9-mipsel-20240611-en
behavioral5                | sketchyorignorant-main/67175893                                                                 | ubuntu2404-amd64-20240523-en
behavioral6                | sketchyorignorant-main/67175897                                                                 | ubuntu2404-amd64-20240523-en
behavioral7                | sketchyorignorant-main/67175898                                                                 | ubuntu2404-amd64-20240523-en
behavioral8                | sketchyorignorant-main/67175899                                                                 | ubuntu1804-amd64-20240508-en
behavioral9                | sketchyorignorant-main/67175902                                                                 | ubuntu2404-amd64-20240523-en
behavioral10               | sketchyorignorant-main/67175903                                                                 | ubuntu2404-amd64-20240523-en
behavioral11               | sketchyorignorant-main/67175904                                                                 | ubuntu2004-amd64-20240611-en
behavioral12               | sketchyorignorant-main/67175908                                                                 | ubuntu2404-amd64-20240523-en
behavioral13               | sketchyorignorant-main/67175911                                                                 | ubuntu2404-amd64-20240523-en
behavioral14               | sketchyorignorant-main/67175917                                                                 | ubuntu2404-amd64-20240523-en
behavioral15               | sketchyorignorant-main/67175955                                                                 | ubuntu2404-amd64-20240523-en
behavioral16               | sketchyorignorant-main/67175974.gz                                                              | win7-20240508-en
behavioral17               | sketchyorignorant-main/67175974.gz                                                              | win10v2004-20240508-en
behavioral18               | unicode-width-0.1.5/src/lib.js                                                                  | win7-20231129-en
behavioral19               | unicode-width-0.1.5/src/lib.js                                                                  | win10v2004-20240508-en
behavioral20               | sketchyorignorant-main/67175985.gz                                                              | win7-20231129-en
behavioral21               | sketchyorignorant-main/67175985.gz                                                              | win10v2004-20240226-en
behavioral22               | sketchyorignorant-main/67175987.gz                                                              | win7-20240221-en
behavioral23               | sketchyorignorant-main/67175987.gz                                                              | win10v2004-20240611-en
behavioral24               | sketchyorignorant-main/DOOCKEREEERE.7z                                                          | win7-20240508-en
behavioral25               | sketchyorignorant-main/DOOCKEREEERE.7z                                                          | win10v2004-20240508-en
behavioral26               | sketchyorignorant-main/Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab | win7-20231129-en
behavioral27               | sketchyorignorant-main/Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab | win10v2004-20240508-en
behavioral28               | amd64_dual_net1ic64.inf_31bf3856ad364e35_10.0.22621.1_none_9c37897afc379c39/e1i68x64.sys        | win10v2004-20240508-en
behavioral29               | sketchyorignorant-main/Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab.lnk | win7-20240221-en
behavioral30               | sketchyorignorant-main/Microsoft-Windows-Ethernet-Client-Intel-E1i68x64-FOD-Package~31bf3856ad364e35~amd64~~.cab.lnk | win10v2004-20240611-en
behavioral31               | sketchyorignorant-main/Microsoft-Windows-Ethernet-Client-Intel-E2f68-FOD-Package~31bf3856ad364e35~amd64~~.cab    | win7-20240508-en
behavioral32               | sketchyorignorant-main/Microsoft-Windows-Ethernet-Client-Intel-E2f68-FOD-Package~31bf3856ad364e35~amd64~~.cab    | win10v2004-20240611-en
General

- Target: sketchyorignorant-main/67175974.gz
- Size: 15KB
- MD5: d7c493ca4f84a7d50b53646421a37487
- SHA1: 82af5ff3b480cb5a3870da5e3b4762c3d6b7b888
- SHA256: 882386231c45df4700b275c7ff55b6f3698780a650026380e72dabe76fa46526
- SHA512: bd5ac5f0433953d79408074239edc7c43ce23d56659d467805d81ab01c576a3cf77ccedb3bba41d48bc4ad46a8905ac8a1927b99312053ef6295fd940a6766d2
- SSDEEP: 384:QkAUnbXYwhNjTJ2O8ZZc/JtwRb6DedKzVYqQo9sCDyTXE:CU/jTJ2lZc/JtY6KgZYH0D2U
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
  description       | ioc                                                                      | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    | chrome.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     | chrome.exe

- Modifies registry class (2 IoCs)
  Processes:
  description | ioc                                                                                      | process
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings      | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings      | rundll32.exe

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid | process
  652 | chrome.exe (2 identical entries)

- Suspicious use of AdjustPrivilegeToken (40 IoCs)
  Processes:
  description                 | pid | process
  Token: SeShutdownPrivilege  | 652 | chrome.exe (40 identical entries)

- Suspicious use of FindShellTrayWindow (34 IoCs)
  Processes:
  pid | process
  652 | chrome.exe (34 identical entries)

- Suspicious use of SendNotifyMessage (32 IoCs)
  Processes:
  pid | process
  652 | chrome.exe (32 identical entries)

- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
  pid  | process
  2904 | AcroRd32.exe (2 identical entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes:
  description                       | pid  | process      | target process
  PID 1964 wrote to memory of 2720  | 1964 | cmd.exe      | rundll32.exe (3 entries)
  PID 2720 wrote to memory of 2728  | 2720 | rundll32.exe | rundll32.exe (3 entries)
  PID 2728 wrote to memory of 2904  | 2728 | rundll32.exe | AcroRd32.exe (4 entries)
  PID 652 wrote to memory of 568    | 652  | chrome.exe   | chrome.exe (3 entries)
  PID 652 wrote to memory of 2208   | 652  | chrome.exe   | chrome.exe (39 entries)
  PID 652 wrote to memory of 828    | 652  | chrome.exe   | chrome.exe (3 entries)
  PID 652 wrote to memory of 1704   | 652  | chrome.exe   | chrome.exe (9 entries)
Processes

- C:\Windows\system32\cmd.exe (PID 1964)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe (PID 2720)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz
    Signatures: Modifies registry class; Suspicious use of WriteProcessMemory
    - C:\Windows\system32\rundll32.exe (PID 2728)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz
      Signatures: Modifies registry class; Suspicious use of WriteProcessMemory
      - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2904)
        Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sketchyorignorant-main\67175974.gz"
        Signatures: Suspicious use of SetWindowsHookEx

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 652)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 568)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7999758,0x7fef7999768,0x7fef7999778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2208)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 828)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1704)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2616)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1896)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 840)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2800 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2664)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1476 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1256,i,2179306794252423562,8913626701638427332,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 292)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
  Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 81692cef1e17f6083d7c2831e507ee65
  SHA1: 70928795c8171e68c5c810230cf1daef069e5cfd
  SHA256: a489cb51cf06808f7efaa3f6afa3de063dd44df0a01640a39a88519ec3c5977d
  SHA512: d6c1cdb01739b4430e9ee6a9381a9b9ecca346e849843422c92235307e2b9e64bbb0a459b5e4088d7bcc3bb34075bb1d0937d772ca935bfeddea73a954b5f8f6

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 0997462ba771cc5e45c319774c1bb2d1
  SHA1: b4d49c4dba228aee3c177439c4f81f74219c1c93
  SHA256: 152092582c350364b40a4c8d4c596d3496f370912e6a3c5dba075f0bcee2c4c3
  SHA512: 835ee90e055a6d862dddbc08ce91b129ffbddc6986f2d89963ea013417e03722f957724f758535567935a608e6734a02fc7c1397c93e0dcc327a7d363bf7e67d

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

- C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
  Filesize: 3KB
  MD5: 60c096b21548b94177dfd21a42ef585a
  SHA1: cb920317f65f3d9f7eff00752ae7a964cf416c2c
  SHA256: 1161542553a4d122bc4a67cea0d1b4ba8f3efd2e59347436ae60d0babfa0715e
  SHA512: 785221da6c2852de73b1f8dd8e7788a9eabc1eb90d7c09fe44e8fefcf72b6a92622101b5e41c7060d63bc961d08a3e3aa24aec9a5dffc4cedbb4578f061212ce

- \??\pipe\crashpad_652_CIGPBUPJPJAAUSQR
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e