adbfaada11f2ed50e60f9b86b4fc742fec191645c8d27c224314e5e8cc4c50ce

Resubmissions

14/06/2024, 01:30

240614-bw94gazdpg 1

14/06/2024, 01:29

240614-bwc4qstdpn 1

14/06/2024, 01:25

240614-btaktszckh 5

Analysis

max time kernel
1799s
max time network
1690s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

triage test.txt
Size

9B
MD5

91d3f6850d5f17b54426f57175391aef
SHA1

889cc1b4a445eaae329d1b78c10facd2b76bbda8
SHA256

adbfaada11f2ed50e60f9b86b4fc742fec191645c8d27c224314e5e8cc4c50ce
SHA512

e677401a6c6240bc35f1fe9304b8af415691a7494968c4b19697ed7e234a3d396482bc69b37dfd38b227bac51bdad49278ebe31b070337c859217798f48a0a12

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 3056	2204	chrome.exe	29
PID 2204 wrote to memory of 3056	2204	chrome.exe	29
PID 2204 wrote to memory of 3056	2204	chrome.exe	29
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2708	2204	chrome.exe	31
PID 2204 wrote to memory of 2864	2204	chrome.exe	32
PID 2204 wrote to memory of 2864	2204	chrome.exe	32
PID 2204 wrote to memory of 2864	2204	chrome.exe	32
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33
PID 2204 wrote to memory of 2572	2204	chrome.exe	33

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\triage test.txt"
1⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3672 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2900
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f4e7688,0x13f4e7698,0x13f4e76a8
    3⤵
    PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3844 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1036 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1108 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2416 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3644 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2824 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3852 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2476 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:1
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2388 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3984 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=1284,i,13466699719983655549,8625287312275850332,131072 /prefetch:8
  2⤵
  PID:3040

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2d55f95399d239b4112ec94ec4395a8

SHA1
7f25fd7668cbc3e9facdfd164862cee61d28c0cd

SHA256
873aeed07e6043db2c77ddc39789517fdc9a52ebc225dc21fd9665d8f2b142f2

SHA512
5c7652a9f21ab083101cc0a98116de3e659990278326ce3b2b4183b5470183f3ebf5ffe7ca697d9d0b8399f3f560aad02d169bf49da1b31282e7b81e0c460b76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
36ce886509e8118dab07e4726cb19ee8

SHA1
17ae9b3da3587252086864f2e8ada3f8e8028b68

SHA256
1dd58e6dc2e2fbd0bc0efaf794608b0155bc4f56d6b067aef18a4039f1457166

SHA512
350f550849e97189dbd1f6866a265220b387f61eab8899cd6474b9f0a422a1a1e7738326578a464e36b3b4b9b7190024535c481c6a04fae89da0bf221409d0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
59KB

MD5
4febfe996b766b43559bbba95b671493

SHA1
3422d06f948ba200d5e3e95111784b8cdcaa39d4

SHA256
ce78b8c713697858fd2fc1957ed3bc42e4261ba15ecd862ba969bda3de56a5a1

SHA512
ef72c1db3996528d2a9d0e6cfbcf90dbc3fa858bfc607483cacdccd4a3a4e2f91deca7621ce0e6e6e23ba7a509fcc03f0efbe66eee8e244bbb6799bb8c21d812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
aa12ea792026e66caab5841d4d0b9bab

SHA1
47beeba1239050999e8c98ded40f02ce82a78d3f

SHA256
65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1

SHA512
0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
203KB

MD5
99916ce0720ed460e59d3fbd24d55be2

SHA1
d6bb9106eb65e3b84bfe03d872c931fb27f5a3db

SHA256
07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf

SHA512
8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e46d55e2c5e5329870cf094649587ebf

SHA1
2c9e30341be07f2f5841bdfe2cd202e67a2a3548

SHA256
6e420cf21fa2855ae039d976a22d0885a7e5e3744e07942caa6edba30eedb3a4

SHA512
dbe2b5989a3fa4e3ddd6670fb1ec9eb5bb163307d85204906b8da63e571cda8955e1fd60a3d7f74bf8c3268e70aa324de11e5c1bfce1a46ad30fd734116a7f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
00c14f29e0f115a8ba9efa292cff5ce6

SHA1
58e1ee98e250b5c6a87df0a8dcf3d54f717d2f69

SHA256
0d059f74297cfea18679c2e155cfa624b9ea6907b44d760a6e36b3d1258d91e4

SHA512
d4b5f04cfd4d2ee42e621c6a2ef6bda73c467838814024c8369318f7bd39361c88e97734c38227026793b066e2d02db6762911188b5e968d1c4c926121a7d53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c2c09aa64f6a2f94b2e04fb9e2007b68

SHA1
7434214142ef45d09b588c0748aba3e9ba9a06cb

SHA256
8c8f6ecc0a0f6b45d2b41363b7934c316f7159cfc00b42ebb28a08983250020a

SHA512
e858fd8aa053a80306e4e53f0fdaf16938df93f751fc10e9ea0dfc8a30c2d83ab9a909d487587ceee284b008c3382bffe0ac013fbf45d50ef71b77c5f0789fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
96b633f081f6e9d50eb0b65469a68067

SHA1
acd9a3261da0c8fd1ec9ee4c57d8fee1ad52b974

SHA256
2b9ef97350d7db819230912bd629e9a6a53af8788a5607ddf2f85260e72cee3f

SHA512
4775b133ff70e0b5c9b4def3845473f45d6e72738ad528a915b4d5da00dc2aaded09e580a7fd798cfef7234fdd72a07980c0bd57d6388f884d318e7931b6d8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
475d729b64cb3a1eb056724d0548ae06

SHA1
3d585f48607ecc8a342257cba781e7493c0f5d9b

SHA256
d946c8ab34ff97297f596bdda07fc30e31c1d00d6321627f234ce0be63df799d

SHA512
a8b98c85df01b5837e8a7eb5cda6b58091d8937122b3d6aa0e22e7b13e9d37515abbc6f9605540e9f2ed5344e8647d215aaa7011f552c7e313172ac901d2fd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9936f7f26e27fd89af785e290917de7b

SHA1
920e68639b274c53fd82f92ae9dfc31de8f65183

SHA256
33f5f54b463df5e8c68a02a425dd9e3819dfc684d2667594358a9c52f5ba4988

SHA512
e792cfd42faacbb03aafea1aa8c8957df8363819d67b062db08e67f6ca42f1dad69df65cbb45844645bb521775d71d3b0beb82559391fd389e0bdb599ed28f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ad29bc780b3c8d8d3ef5f33d1ca332ae

SHA1
76a5c39693c64f95c2b394f0194866fc228d1aa6

SHA256
07355666d8f191404b01ae7cf6d28d00c9678f67b42f51766b6aaf5126d3dc9b

SHA512
ce36eb86958c152bfbe733d40cc8e0b2ac5238fb1379852e4f152af69ab8bf375fbdf6b1c180a6515296a65c20e3bb44c78fb7e94ff09b350d39fc048e372f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
720598e20fb9a6fc23c8401963eb1d4b

SHA1
5041812da7a8c327ead397a319a70dc6a3017492

SHA256
ceb7ba5ac3ae82e3edf3dfa80f3d059a0aca8503c129c7572756795a34d4659c

SHA512
06fd01d7eedd8876b45cd73160b6e8a9ce6ba12c6ae5b2ef1a2884c5b904502cc44aea8717537bade93459f936c680b978c3523b83e39498bb80f7509455b309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
34131637ea53d1e0adc25c7fc18c97f1

SHA1
7a8475e4080b9cddf79da85a15fbb5019bead189

SHA256
5ff5c4a3dc9c352ec04d036a523951fe5671997e8e0e88a09161bc477fb49044

SHA512
cfb9ff4a59704fc63b32358f7e5939c9017583388614e7a4aaf4ea62ccdfb7e3efbde3b84aa873c2bbdc381b27310d5c3127374dee5a3084aeeb5f03c55dddaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
48d7fc04ae69ffe089f802d22ce012ad

SHA1
1a05aec96d27857cf9caedbe03685d94ce6cf838

SHA256
b5e323c625e74312ceca6fadd4035d36fece0e9593a68f5eec3d7cd189c87c23

SHA512
0a24666d968edaeaf0dc356bf8733ff54a4af8d7d30af372a1246f1af856a3e7c6cb2affa89c5d1d98a0622f92728d90139daf7806b0fdc9285e8588ec569314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
196B

MD5
b7cf9bc83a4b25a81d6642957dc09724

SHA1
11c04dcf0e9ecbf7e75edc9a1d59d519ae680a14

SHA256
60a1af725739e1bd2c5ae2a1bdff3aa5bc6b237111c9eee8d3fcd40ae4263a3c

SHA512
89b206484ffb8e674c1683c6abc0b24bbee59fca74e53e52f148d0cbdf05a5a72a8edfabe7d8b9c4022f0401f8a5bee647daca775e5a758155bb7d85eb0cfbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
196B

MD5
e0d9eb0c11fa946ee7deac935b4921d2

SHA1
da214c06e34602ac99087e23cb68721f644b1fe1

SHA256
4cc886302f5de934c964330a620c66367c2499ca9a9d109c60e2368176731c83

SHA512
53e3b32ea2c21b841e444d0838edbdc554f604912d0b08f1eb793b5f8ccb6285953b78acd7ffdd80e878ba3ac6a25d046e2cc646ec63d8b92d8bb9c79fe435d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
a2c1a4f57734971686c5ff062b6267e5

SHA1
2357277fef4e8bbd1106e699118909f61c90f1f9

SHA256
b58c7c978ae65ba5056775d702d46facc50e2569f03d442f33c4852a510b6e3a

SHA512
1ac1865cdcad3487408002967c42229888446f2ea917f0aca5916683b864817de06fefe2a1396e5cf9a8081a6298b1d0dbf5a93a74dd0f1142cd49bff091c42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4b391dc3865152d69c448e415075f428

SHA1
3ba6bb399c01d5c7fd126bdfc7209f629e81038e

SHA256
713900ceeafe295d83a92b9dff686e19068a8a1c510bc5f7e778cfb484145874

SHA512
60aced48b77703f99b5b23e514e1edac869eeacda2cdc12903216ed3a1a47e83b2780ca5b9d956d345b356e2a8de4db1a1359ef1e05d37ef6828f2815a269f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7edfe452d6ece5a9c460b0317ffdf7ed

SHA1
078e27401704f2e3561ef1c3f8ef8b552f2a0e1c

SHA256
2dd9346487bc493854f45890cd964b38a61b05f7944c54ce55c88159f06149f9

SHA512
83cebd35a67978048c27d973c321efd8dc364bc3a9aea61524e267e75bcdc3d35b868c2be3e68e2bbd37b5ebc65b923dadb0333a3e866000905fd49ae26f55b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
536de6dff21450cff49eae3c0b4efec3

SHA1
4efcf57d76e95c83cabcd6d40d8144061417e1b0

SHA256
876db117659764a7587c732fcf249acd89250f1f2759dc4fb689e5996548674d

SHA512
4791bf682e8d63f4e9201381cc3ced5bfcd04a0a348b441b7edfaf8ff5a58342a887e64c86d2d7d16a9f886281954a6779783b304042d37f69e42884a6ae4b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0be99918992c78bcaffc3c59670f1f01

SHA1
5a181fe3f69f08329abba19c65c264f1a7994ca5

SHA256
5a117870652ee14b33b203330259b92ec2c8cb9ba9a2c059c32a7586e4b31f83

SHA512
46b9576cd9adca07c46c6c4a644bfc5a3d2157f3d14eaebe8796a21382923a5acbc8e7d8604540bcb791522a440059e9e7bb11e6ed1158208a60c48ee5bee39d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d9649dcdacf57a83e2d2f0f1a5b013e1

SHA1
c93f19f2e526f9551d6654d1142a0899fd260da7

SHA256
5f1bfdac75ce1d1fbc0d5710bfd98bf1f3b5aba9301189ea2f24424cfa85bbaa

SHA512
d162d04ce93685d63c4c67066906a48018a66173d579046e3a6acf0228011f1f9ea8c2ca54591b8e97fd434321a8826282f8f588a6d98136acf9f547ac3bcfb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91e8fc501d81a9bb5272eb7061608006

SHA1
0f1743568f0baac5842b8b38fef499aab3c0ad74

SHA256
ab129de31e2e3e561c9dd8b006d39f3d24f67ef8dd15c86200197f4a951b3d3a

SHA512
054f032a89c1178d578ff4989f332a1f1c38a1e17ea599102bcdf70f3263542fd4571a12196db29250dea0a982db8bf1a445e6895d1436bb227b7eef26005114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
2057579224aed403a24408f376e7e309

SHA1
8c0e0653d768ed0325e8ccc0ca8fd791ecd6955c

SHA256
86a221a593fd5c8094eb1c7dd13835fd580ec6d37b9a519e3d3b6a8deb3ae770

SHA512
f277b99c7307cd4016667cee563c6f40f9a9c60e0b552a69e509dd3d74ad2d8c589e312cd889ef14da965aec93ec3e21e6ee4b264ab9e6a26f1aaa79e38512ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
d948d9658cb438f2fea85236cb86063d

SHA1
f42dc908f13063b4699cd8300b29a1183673e5c1

SHA256
f27a4fdab2e060109b296a593111e2c8b3c83d59e4def34adf30e69125741c89

SHA512
dbc37f5e8d78cb8e3f39cd15c8755bce3fa1ddac2b868eed5eafeaddda1f8f7c0c2e1a234a695163e0ed647654be4b1fd40283780697b8e220d530534274095d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3469.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F3E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit