002f33fee7b8a159058368b7e93e492931c4ca72e90660bdb2691bcd62fedd3c

Analysis

max time kernel
494s
max time network
1685s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battle.net-Setup.exe
Size

4.7MB
MD5

f7fe24cebbc4b0332c77bce563e11b1d
SHA1

744968c9193e5a1b96941695600d3770e61a6ffa
SHA256

002f33fee7b8a159058368b7e93e492931c4ca72e90660bdb2691bcd62fedd3c
SHA512

a3f1e0d1a2c20dd1c40b5039085abf47a17a313590f40785181a4559c6b53a6622ab23a540fa9d56604ce4d008861558636acf798232de2d6b493e4ac4c71ef4
SSDEEP

98304:F84BwyMWieDN4+F/8njOyiiqTrAGlucx:FAEwnjOy5q9luc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1740 chrome.exe
1740 chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

Processes:

chrome.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1636	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 1740 wrote to memory of 2932	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2932	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2932	1740	chrome.exe	chrome.exe
PID 1636 wrote to memory of 2772	1636	chrome.exe	chrome.exe
PID 1636 wrote to memory of 2772	1636	chrome.exe	chrome.exe
PID 1636 wrote to memory of 2772	1636	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2588	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 920	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 920	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 920	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe
PID 1740 wrote to memory of 2336	1740	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Battle.net-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Battle.net-Setup.exe"
1⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6629758,0x7fef6629768,0x7fef6629778
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:2
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:1
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2096 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:1
2⤵
PID:468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1500 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:2
2⤵
PID:268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2908 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:1
2⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3912 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:1
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3820 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:1
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4084 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:8
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3836 --field-trial-handle=1404,i,9573890791731837039,14932633432903491015,131072 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6629758,0x7fef6629768,0x7fef6629778
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1324,i,14103359133610952446,3340414173909571536,131072 /prefetch:2
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1324,i,14103359133610952446,3340414173909571536,131072 /prefetch:8
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\07512f20-2258-480d-9b8e-2f49fc2ecfdd.tmp

Filesize
141KB

MD5
9abd75249c7817b1f9fb8ed79e10564a

SHA1
085ba392fbb6cd578f1f836a2fdfd4d1db0ba9cb

SHA256
69cef54f1d99da59240621b7f67eec1e35310248feef89a81f0d4ea27cc0d998

SHA512
deec9504aa7bf81bedcd094fe4f8ac0c48dd239a5cddecbc974ee42909b784826ce38cd203c4d13644ab3d46d1becb1bf9e5ff929d9e24356251ff9964b04e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4c74e085-af71-4c6c-9648-f55aec5eb28d.tmp

Filesize
294KB

MD5
bf4275fb1bdad10c5abc47db9573a3af

SHA1
dfb293a9ccbd638ca4fbd5ef3f96a0ae3b0f40c5

SHA256
47a9b866654f2fc9497fb88b335b8245d307f41293a376f3eabe8131e9ecb892

SHA512
2f12cb2a5733041a0a2b526ddbe4f70aba8c0a534d0f92a9f6e385ffbc20c1f2eb96b4ad6bdabf02d302da12680901d3912923b4ecc59f9ebf71b1148df61b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9459aa09d99c77cd8234ab590a23f290

SHA1
a22d8eb9e980a15c7fca074d80ecafcbc9d5098f

SHA256
1ec747b8e12f84b4ce533c07f63fd573d066e366e44e3b81e2bc4a5a4c53e77f

SHA512
0415800bcf68d4c096a65aaed32477dd136f3e6a920fc2f96e6d2f849976d5ab0fe03619ac51e25201742ac75e4f72271d26de8ddd80d3e7904ffaf221a2b4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a9aa2c569839c15f9c465fb411f6313b

SHA1
6bb145b1c23c0406a634ab13be6b3e0ae11cfd19

SHA256
4b2353783c4935c0bc05c49eb2dffe4eea50183596604cb01f83777120deb70c

SHA512
33dec6573f312a0fd10197ccb7750018c92050cc426b1e7b2df6f3e492ce3f86f2653408a2c8e7b7fc6744708d94b097d869f95062d4d9d2f1f4df2a44a3d32f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33e4b04bdb280b5a39eaeba5b97c455f

SHA1
d0a148da9ee0a45e7c975594ef7bfd37a8739dd1

SHA256
a514e24bee8918e213ab95240849a2a508214a3e48440d060d34641924a1c670

SHA512
9e7553e90867709afad88345c1a32b6744dc0a14144c99771e9cc7d5caa0010d000f9f5c1e96c5b58515640ecdccae97346b9d1c466630a430d6da5a29891f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8dd567cc158542252d37842afbc42699

SHA1
36efe32baab0a8d0de81e3b59506ca7b5fb27a75

SHA256
ea79ac63f10dc512739ed2e6f04896ae29068e63ac49b59e5beb311a4ad55a1d

SHA512
9f543fc80e76e91fc3353106ff7e8db0447c5cad49ffe6d48a3b72dae21b091251bc3e84141aa9ba2dff528803f861dea16f7c6e3ccd71ee8f650a4bc5ea9a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bcdfe3a8b51975b5ede3ccdbe20b6746

SHA1
b494da2d30aead580cbb12cf5818dd3f50ec882c

SHA256
64de27a19ba30eb27d17d241daa78ac8379eb6ac5b08ef1d437746e4dd515894

SHA512
fe2c2a6fec9e760d62994f705dbae3ccca3f6eba9c3bed86a13f236b6f870a1bd3a02638e254f0086cb477866b7ba0b5b5a4f7820e98d6bf25bfc0ce0a719c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
198d3735477009e41e1c612cb95d8c17

SHA1
4983e9839a68a3c364aa27a64b1152584437a01f

SHA256
d5813323c2711fd4b569a403595a74bd9727e2973e0a25a933e51e30470088d1

SHA512
d0dd7447e23801be46d93bf47fbc122d45196a815b498d678e76586226f011f59d413674ccaac31477a24cfe5ebe95ce66895badfb6df8c87da86b66324c7fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f8e508e3c2631f199b1e84aab2f635d6

SHA1
393b5657d60247b402da64393590be8b70ea0904

SHA256
88cd59e3ae12b741f2f38d485edf456f60151b1bfb84157b4f03b04c77665fa0

SHA512
c47622800b6a89d04c58d0278822716926f08c6a1839c936bd46af1a4a04c338447c39dfba2369eba6c8e05b8358d320aea6a5c83aeb3dde8a2ef62e5d3de7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a92237540947afa82cf6d20e1e62dfb0

SHA1
8ffdd8f7ef9181abcd54a8eff07588f8ce000b42

SHA256
15cdea32fda502087b33e8107b23c9d0bb82ac49e24f01ea79c76b8abaae1801

SHA512
e0a8d43d51c15d2a5e7349fb8852a2da8f150ee5a52d78126b2d34283908f9ffc1965173903b8814506115499c117631046054fe6a5baea653a6fe630fb517b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
3b194cac9e83de5a19d9209929363ef9

SHA1
c62c527d6811aa2bb9b7392d386d406ff1c0d431

SHA256
b18485020d23cdcadad1f00493e1f675acfb060f28139cbfea2500cf9f32fddb

SHA512
51eabb20c86a659e66f454452112bfc7f72da784301930f5b9ddbcb80ea5d41c7ccd81a4a98cb4d0262bd84b8a22b029dca832309bc9d860a96edd3b99caf9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c0945d67981e77a953cfe60109b50f0b

SHA1
7b0061a40dd370fb0c9e08e1d29dc17532e5045a

SHA256
0013a32bbc53e95007530776318d8f7c293594206975fd88a0b210f911681863

SHA512
714bee319adc5e1b3ddebf8f3de2d16dba847228df3515d16317411a5a7a2e16a513ace4b4a130c265ad174e5c8d3ecec6ab312da46058bf4ac36fbaaea71d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
606a968db28ed04fd88f64157554aee7

SHA1
104fbf2fc39b4cd9299522d360822b1b74d0cfdc

SHA256
608901a045e056dfe25f3a9cdc923ca22fe10e4c1864903bd7fd3cccad724643

SHA512
1c512b6d6eae0ac46b806fa328ee0c73bddb8687d1db96d1d8d303a8d6fda67a0765cfb3c938f3e0578baa221b684aa9881f30bd6eb3c07f14ec506db9226dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e11ee046e60757e2157055240e369dd

SHA1
82228fd329e16e4d7f42be323133e32b1cb69cac

SHA256
3e09aa42496798f5bb4fec109c3a7f69947be0a6672eade5c551b0eb01a4d181

SHA512
e92fc76afedc79c0cb2b249aab75e1060f5945f29d1351c16c25181f765a9d69019c4997c5e699517ccb409d3eaf707602dab67b6f3856a95b7a2ad534730d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac7d76ed2fc0e9ee3df109dcb1a46a52

SHA1
893e8cddfe963bcecb88727bb877665c576d6cfb

SHA256
ceab64e4ad9ea26d6b0a814cf36013fe43bfdf7b63281e9064837df04d389363

SHA512
6d26c057bc5090b763a13397cbb18b37f354246f9a9116dd442d654eba09d24b18a05253d1a9b1ae970d7afdfaeda152d02b1c95c6aea6241c330de32f341581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89d2d8549343235b6cf4b680a1f3cb00

SHA1
da17064f1cd18588418bb5b7eb7e7e66a592cdbf

SHA256
6e5ea95cb05176138fcb907926e962d9778be0c3c27dc271272df29a46df22d7

SHA512
ba21b08c2781828d7988e64d8cc8008157c2bffdd544326e9e53fb581a278d12b7d706595f81d35552007515eb1eb4aaf95e37ab2cf3d00c41878d82a62742d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a671da7dc5e40d6e9eb6ad4f52b040b1

SHA1
c889ec3bd3c345d898859a7f2336f040cf42a746

SHA256
6a5aa3251310f14f9e945741e9adbd727b13adfe5020cf2ef393d0f6e9c3fe1a

SHA512
56153107c605a36323bf34b0eaf1e5aadd5ca778610b0079b611d71158802beed0109568ea7687aab17ae0a850a29b645240e660ea7250ab214bec18da63d8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae67e07dff83f2e85ed9310f0e1c8ac5

SHA1
c5f8d92e5ed2bca43bd08ae86c77c9f33d47be11

SHA256
1c5fdfea1e7120058aaab531fba9359d5c8574a406ca1a260571330ea1fbff9c

SHA512
f01a76c8266843faa2c5c8480792d08a0b4394b9fd9f14a51871d80a4700f3287b3757d27fcddf366e8d33161b0cea8791510f112ec8031ca7625f2f7b79df09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
e55a87b39107fd7f0ae08d41066ba26d

SHA1
4198eb2745d2597398e6a18c19d9a2abadb58124

SHA256
31ab922dfc75a4ae5c27a9e9c90d1eb073f917e76e4b799159b89016e8a39e9e

SHA512
5d17ad376e88bde18801220ef8f4970ee06297866fc436100e7e2483e1c78695903b2d0b48fcf6cd9c715b09fc31276b30ef5cd58119845e6c2bae04b60f0865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
293KB

MD5
a9544da6815ab4feebd5a54c5599252c

SHA1
919ce735f226fcb321eb0ccaa6619e9507f89dcb

SHA256
0e0a9b343659cac9ba6632eb05726e6d5a9e8ac3c0ef08c45e694c6301f7fd5a

SHA512
f7075c0877aee0ed5ff846bf7c2d61084876e587784372d83c9e1b7c0a913284a6c70054cc15dfd1d85c327a40b2956c6cdce7a5ff4c67dd66a651ad30d1cd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
26d801c14c7c8291e3606ad92b2ae497

SHA1
51b7a1096cc667c641f3baa6b6721d2b37dedf5e

SHA256
25b731e4f8f9a150e16ab281dafffe325abdf0def5d2d343bda690d7d363190b

SHA512
a56531922fd72f03e725b81e8ff172b304ee2ef74fa607e62c97e8d500747e9bf278a09546260203cc9acb591d5afa3ae4acd5f20737422a15f2114167cd898d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
a7d2583e8fd66c3c7752f1f09243e2d5

SHA1
26d459f966cd670b95875f45a372ab8a3ba654ea

SHA256
01c2f60347cf7c02688f7b4d0d9010052207796ef67011f10605c25c4dc3a50f

SHA512
08231a81be73ec6f995c786201de0d7335ebdec7d1b334f174eaef8b6092bd6444791c9b0be48a2e66e8663bef60ac7240f550f1fbf0866f41953572497b7e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
b26a8798e7a9b44d878ac0ffc06f9d85

SHA1
9242dea2d579a6da5fe929095f11880d6e8acc16

SHA256
857bc4393428148998065e4036969a6184f9d4978cd144d9131eaf2eeb173611

SHA512
b174cda4b311dc1f7fc1fa40d86ebce9b2412f991879e230d6dd4c3e34821d596e6c4b12db5043a39d3f96cca6500ecd4e1883262d119f3956170603cf1a3879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4A7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_1740_IREJFCUHDJZCVAKZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit