f4682ac003ffe913d397b9f2f5d3a4e251feae26e704827e1f495d9240b17e20

Resubmissions

23-06-2024 18:06

240623-wp2tqssbpj 3

23-06-2024 18:04

240623-wnmy7aybrf 1

14-06-2024 20:34

240614-zcpkesyejk 10

Analysis

max time kernel
389s
max time network
389s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
23-06-2024 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

us.txt
Size

173B
MD5

6b6c81989aa83c39a795eec2ea4692d7
SHA1

91c2949ba4e3832b32d7c9e3083d265cebaf69b4
SHA256

f4682ac003ffe913d397b9f2f5d3a4e251feae26e704827e1f495d9240b17e20
SHA512

6e13df78169a1a0f8dc8069aaec1da8a12db976fe57fecf30d59dfc6a0820c7e45d1b90187ac4763fbefdafb8313a8523a5f954f882b3891c7ed9d8ee5ce069a

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636396170993354"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4784	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4784	5088	cmd.exe	81
PID 5088 wrote to memory of 4784	5088	cmd.exe	81
PID 4908 wrote to memory of 3336	4908	chrome.exe	86
PID 4908 wrote to memory of 3336	4908	chrome.exe	86
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 4776	4908	chrome.exe	87
PID 4908 wrote to memory of 1640	4908	chrome.exe	88
PID 4908 wrote to memory of 1640	4908	chrome.exe	88
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89
PID 4908 wrote to memory of 2412	4908	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\us.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\us.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa596dab58,0x7ffa596dab68,0x7ffa596dab78
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2440 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4880 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4900 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4492 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5228 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5368 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1760,i,9010718235512015705,3886218678483694799,131072 /prefetch:8
  2⤵
  PID:2368

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8cbe0602bd216355bf8249f436702573

SHA1
6723482573371d43f954cb427daaea99802841cc

SHA256
775764d4958616e593f2865137cdc2ceeec3578c10bc27002f6e6060efaefabc

SHA512
1e75548124ae31c560d3d7c37cced76b2b368f09f3fbec5e68ec8404deb270edee0a470a31f2078603a01f36b1bdeb9882c343c3cea3ed50b836e0ef0791c8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
434b2096407b38bb00bb5a3195cc2c67

SHA1
8b4da60f599c94c764665de757a62e7d17e7a283

SHA256
d8969e8523c185b9ec71dd0bf6b75ec613940d07fb4a9a42a80a7c59132a7848

SHA512
1a108eb48d517f8d73d4877a31e3ac9b631b49a045e8067e0447ebbd17e17adc350b9b9c90c1a1c5e4b37375ba57a6778a900ae197b89231e504938c38d3071c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
0462adaa319f7a703651e755dbef954d

SHA1
bd7fd0913e0fde1867afd043f8ffb1dd7e28d5cc

SHA256
c1228b83ccf6818efe8f2c104bdd9fbe8401ba9911e72a5e8043510582843df0

SHA512
3661159865d4e062889690babd0a572b7e294af55a78811f1b5090bbfb1ae527f4f5d8e28947349f2ef134fd8a3f6ae22b25bc282fb48a5ac54208a580188d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0e4a7d33c2e554e98eabe43f5d3ba830

SHA1
767ae99bb692a29e6729b074bd4d177e86e4870a

SHA256
6ad3249e3d7e4bd0b3336d5068158f334e3da7069e6f99a17d76e3ebe2ba14e8

SHA512
fc0075c5d91e73245078c4dc2ad633641dc3aca0c4daa5f612c507cf6213101d34a52ed5ca4bdbe11f486d15d989a05249dc30c5532db62cd295fcb729813017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e1ecdd1cca1c67e4e368dc72fac06a90

SHA1
45fb00491ae009affa95a2f548520a9ececd5783

SHA256
75d231b3ad47662e20e65288f3e60897b4db4e279111fe9aac90e4eb537acd9c

SHA512
913b11a3d8ab6510e09e74633927976f01d80317ce2d0bf6e984823b3ae7b3fdfa7ab0d93d41f926c4469ee9d4a0002e11a981df42daae62a00932ca85aff35a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c9fd3b3ea3633f8872f525fddd8020d5

SHA1
e2088da2a1d58b33f57579f30803de7229706bec

SHA256
f9bc28f82270484ec293b85e076cfe3cca729532bac97b3d272757ad36f05537

SHA512
4c69c5fe4ef03ca634cab7523ebbdf8af3804c30d74ef69ec212a9efc34a3436562f5bd15c725de97ee5d9b682a4c5b47b4a81e27db59c651be949e1f66826d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ca56642bacd07f9a91dea68a9c1ac7ed

SHA1
b3e4b8be74de46587674e68ad4a513caffebc588

SHA256
bf9c082d7a5276a0f065d3eaca4e393f19e4a65682f16c3c49cfc9c524787498

SHA512
6479268edfd7dec4c6bad9123e8c422c71be7c97f26bccffbff2f404358c516b591eb085c17e4e7ad51573c9de7251841bcd8ece8fa8731ea31b6ebff8b24844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
5a4c44edaae8ab41f2d666983d4200a0

SHA1
518fb729b85580b7a182d31cec4672ad8beb8125

SHA256
5719bfe453680b57df01fcf010e7eb124fe622fcabac91f5c3b0c2f985d3ebb3

SHA512
1716de59439ab960b9f976063a3e2030a178defdf000d1ff9ab90c782a69f6d065f955d86b9bd8d253f2516a4398219ecb20f9168a772434a4835bbf58787b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
4055c8f0b9bbb27b4bb7f710f51aab89

SHA1
e22665bc8f5ebf9481508b215470324d3682b1c1

SHA256
8fcf21586976d4d0f33db9c5a1e223d0aac0bc242905f85d9c2d37ed7d9325be

SHA512
21e1922b9379dd72f78731a3e11c34a72b097ae29da0a0427f1e7d582657610439d1c032f6228784f677e55a71f1bb00cf49c247745082cc2b63856b5080b047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ed47d3ae74436e8c7aa999211509fd03

SHA1
b137eb9045324c3cf22795579b56cab8e6ce8e58

SHA256
1cc2505a88e99d88e58f53a149d4bcca7a572c91b742132638652b4616dc51d0

SHA512
2a5fc77486df17f2e12c709cc1f83397e0b46d86f32dccc1123a8f6c7a114db7df0e0282282793c438fe24a630891a9ee4520b25621a5c82068b3c56ceb44578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
961afd45d2387591d167a2dde52d1404

SHA1
6070a755c5220dc56afb05232332676954e5c4bc

SHA256
e878457ee3fe8e1d6d21839ebadd11dbf32802f412c0b1d8ff497adc36427a15

SHA512
c03f61b5757bbb87190a716e400af2ae7a8adb3d873f47f02f3ea959a207afc6aaf3e14bf5ecb84583c70c6cf1bfc7a69998818545e9f247ac996c42499a6913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
642a2f919c179ca6c9d5abdceab72e0c

SHA1
b62e63ee96aa3fc9a02a67678d6a50dd6c4a909a

SHA256
f0718180c9ef4d0fd1d850bfa48c52f5ec2466203c502b7855683927bc514f19

SHA512
c63219b597e352e42457fa650c136869f4f5da35126caa3ae1b57ff131e488d5a9f42fa7c032c41df3d6c4bbf848ff0070fce92bd0b257300b89c8fb019e2055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
33a99e9ba39a3df81102e8a531daf28b

SHA1
2567e17b7bfb0a8c8a2a4196c632834b3d4934e5

SHA256
465c75e733e5364276e13052e7e09b835a10810e234cd5019f80df517e35b09f

SHA512
9f4f5fb037810a74890e59f643bc006f3f23c43b612429a19284266e2077d5555867b4916cd1fac3880d9b11d8b5f33dc7cbb09531f587d3f98a810527bc9832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da003d3c0f6405cb4833dedac68b3659

SHA1
a540d816a0719d9d31058b43ef97df294e5aeced

SHA256
f62f41255810730e0b51dd56863c67156a80ee2fc289f7217578db0499aa3ba1

SHA512
529bafa56e46c4bb4d06838e81bbce53009c0458c8a6f31424d695b584bdc9a0a5b827508710c35b2125231776cd072b7dbe01c6d741bbc285ddb51dd8a1023f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a731b648f3adf02516d46934d1b269d

SHA1
b1c7bfc5cb26da1ebbd96090cc7a66c6a920a78d

SHA256
0c2f38beb411d26c30ae1124baec026d7ba736937c850219c1a4031045e1d660

SHA512
9051621eefa2212112e502106702b7f2e81d5445c55796783dd67bddeb1d9cf54f5aaa0843ef0148555f040a45d78d05c210470ad04d325b878d4dc601ff87f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8588e4f01ae69129dd22040e4a387ce

SHA1
c703d5e98e49d5954b453ee2c47f24ccefa8c7fe

SHA256
103914bf5d77a1e465e9ac519d89ac26bac52c1d187d6ab7e6553dd7fc4821ca

SHA512
ed6f6e16db0eab5a6df530720de427c00b0f8821b5df8a5c32611da31171d5b3b68ad376db095d5468ad783513a9b0e69f49df901d88db7fb59aa66110078dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b8e4d5d4cddc0aa2032aedbfb1af9e1e

SHA1
46b8eb9b314376b40b56701ac5f7a57b912369d9

SHA256
da4842a435fed468ef2a4cb8076617db0b835ffe3f5526b9cbd57ec512c76927

SHA512
25065390f3ea35362df08a2b736613b5f1a58b4a0166fe5d64a968b32a540f749ef8819fde16fbc7cf08584a833dcaebeca462bd603fb89924a6f932fd1e1e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0ede6d8de613b641cb606c10a5b3a549

SHA1
29227b412a3e62db6f7a5755429fd458114b1439

SHA256
fe55014a10a9ac9e3d4c83b873577c657edae0d4a4f893e335c41e3204154c99

SHA512
b26fc13ee684f536a4b75ffbc292025a3f6f2c231072e00b903dd3166edde6ff0c39ac4a08c2aa2a418b65fb61ef06b3a8605d798bb5eab0abc26fafaaac12ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
a5e2331c67a36bc2c936b0538f2cd16d

SHA1
8c053a375b33997f62e3472369c092aca2618afa

SHA256
5ccadeb86c3f31f6f55568666335c043c1dc61ce681616a10663af7df63b6b4b

SHA512
2bbd3b11fbe829a846f195905272bda09a5160f5c05b72f7b22742ccc9305a11663de31edacdb7be4a549685fd01cc208bffbf399217e553cdc1c97ac3cd4ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
185959840d80dd843877cc3c8b3d5304

SHA1
7ef6216c5586b791dc320277896927cbfedc3e40

SHA256
9ffc9b63a24c06ecfe55fca551610efcc8b25d1663ee31f4de24146b69527363

SHA512
725fc1ac35b66e64685aabf820e1e9dd53da72868c62572e8a6e5572066384059f73a998ec749097d6f88e311e20c1d2a558ae34edbd585352857b6a7b766dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
c7f2142f3cfb80c29bfdde95a917a1a6

SHA1
a2e98b8a055450dfd423dfe93c4704caa404d2b8

SHA256
de67dc8c738a80d91aa5aabbd3ab4b687f9b4c43764c8f324a033bc68aff858f

SHA512
c20cde8828a9c862073a632562e26bead036447aea88a9f7073120d765cf8c073ef1e57325ef8119c5bdf70b26275374c50317d48937778654d469e67cef7f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59e96c.TMP

Filesize
83KB

MD5
4c22b95a8fcf76199d7cc5ba1a9c1230

SHA1
3795ac434d6531c07f117e3943d4a1d7b40e74ad

SHA256
6e66400a9258ecb346641aed15a20e90893625db57df2340fe4bfc0996c3836a

SHA512
617b64c22ca5fd30c3cfefb473f44920c3a425e4b97f3be8606cd7510af6be1ea205716c2417e26046eb85279f076212192937327791d89e609f63a05d236aa0

Download Submit