d4cfd7d94634f3f47edfa00376fdff23f97524de353fb44548adf095e712b9f6

Resubmissions

29/06/2024, 06:57

240629-hrcqqsshlc 9

29/06/2024, 06:52

240629-hm7qbasgqb 6

Analysis

max time kernel
68s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Serc_Menu_V6.1.dll
Size

147KB
MD5

4b53870b412dafca64f79c5f26cf072d
SHA1

aa1e0f737442742398db936bd078e2632dae6fa3
SHA256

d4cfd7d94634f3f47edfa00376fdff23f97524de353fb44548adf095e712b9f6
SHA512

7214f14d312d36e8134abc2d6e4f5c1721ba2afac774b509123ed70be859f07cc189374688ebae12d85f859f8fcf99218bd6d86975cef0c859d492dcd84ba907
SSDEEP

3072:RNCSLeGY0nu57Arx8BFGQLIZrOMnK15Y:RNR0bAYHWrOn7

Score

6^/10

phishing

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
29	wtfismyip.com
30	wtfismyip.com

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2604	2516	chrome.exe	29
PID 2516 wrote to memory of 2604	2516	chrome.exe	29
PID 2516 wrote to memory of 2604	2516	chrome.exe	29
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2464	2516	chrome.exe	31
PID 2516 wrote to memory of 2488	2516	chrome.exe	32
PID 2516 wrote to memory of 2488	2516	chrome.exe	32
PID 2516 wrote to memory of 2488	2516	chrome.exe	32
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33
PID 2516 wrote to memory of 2468	2516	chrome.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Serc_Menu_V6.1.dll,#1
1⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef77f9758,0x7fef77f9768,0x7fef77f9778
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1608 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2216 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3980 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2596 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3920 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3632 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3532 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3732 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2736 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4052 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3592 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4212 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3576 --field-trial-handle=1288,i,12206255356757097741,9462249904068039635,131072 /prefetch:1
  2⤵
  PID:1296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
bda99429368060a31f5c761291e7bebe

SHA1
e5bd9c1ec304bb2c3c18a22417f8e3688cc71b9a

SHA256
a24a3ad8c6f32a36e2aa2cf1832c3c5eb661546b2ab8f8c030dcca6e10c6365a

SHA512
218f79ac76eb973cd96715d17c0bb29adccbb57c25f50edf3b116764e3a0416ab0957b06a6f1a73c799b808da6fbe908dfea6dc8b9ed8ce708dc0d7b54a3a3bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a869e8b0644e657ca9b1da6e50c3b8

SHA1
8a7fb8e683f3a860c32d2dc92355ba2e8dc8d199

SHA256
7fc11e038839061ddf084f6dc21da1a5fd89ba234b2161144b8258b93c23fd1c

SHA512
800eb408eb6253959b90c869a2120abb33d7f1e71f777d961b1e6c4219d4d1b02c9d6424aaa1413c8e32fc40281f1d44336ff2d6194eefe4c8fb4c20eea8c56a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95b569d6a4d282623903d33e592b980c

SHA1
24c35f1b009283d8613394b92ab70fac519578a0

SHA256
a46a354ec503151f8255bb7219b0ab4c7512f027e028e269ff6d744746a75666

SHA512
ffee96593a3d257428def3556af19c8e25845f847099eabe38ac40ffd18886b511a1edc7c7eba7c565a5ad6ecda301ee6ffa887f138234bfb85f2ccc88dfb249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba75378069721e9ed1e16088d86fdba2

SHA1
e8ee9f98c962ff3d05786912eb8f177d5996e91f

SHA256
332581671b4013a8fbd9a1c3fad76349eb6a1929fb56244ede074978eac47ca5

SHA512
af6873320822b7e0da5c555ba61ebbddce506d1d6e7d776e817c5a66da21d9d33be9c4b64a9e4170e5ab4c8eade8ee12da68ff90f9bafb86530003e9b0304503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcc3eff3967f91ba7ff973634d1aa2b7

SHA1
9d666f6b18305552b74b26f65d5d2c3c6e4537ab

SHA256
a3b4a674f0f654f5f943264c06639abb4e426219ef2aebf3308af386a96fb44f

SHA512
45e6528c1429d893fd731d192cbcac6a18b92f5dd2c5399c5c4515b82b44a75ec220ac2c1a070f65f370f67792562a97ac2633d920fdc88630187900c06fe640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e0f5820207740b0d776ceef81406119

SHA1
96db87080631cd237a864ccfc73e40cfa81adc93

SHA256
e887eed19d5dcb1c16ebddf52782cf4a6d7d435c3cf26cf008a4ecbe9561b19d

SHA512
a7579c76f5a022e28661819d23945e7cc3e1e204687546ca7a1dcff5f7ce27b85f284cec80807059f2e1193910f7cac200e13ebcdd9dcf1b26f522c5d7729074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01ee0a2e68b4effe10fcf1c136349b3b

SHA1
48f0156e4ddaa4e333dd7c708ade3d09ead5f31e

SHA256
668a1fd1e11d1b52ee907440432c72d3e6763be23ed2d9b672a65c716c267620

SHA512
a32071bea2982274622ca2283f373a0288290ffba4e337e31f5e5c648736b93342ca7635603def19478a5f8d3c56301484beca848b297195be356696ea00dd0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01b33675409fc494b5d6371238c0d671

SHA1
cabe8ceb35b6397614d3a11c801473580a0d3aca

SHA256
76ba7eb7ce8df6d67a2327eb478ecfd8f72ecb9b37b7fe8dc9141d7b94467af6

SHA512
6050fce93ecaa4b83ad386fa75430b7d3b3c4a3eb975a0bf53a056eee9e8ad03dfa57db78cbfabbbfa6850d9f2a926473ace39630b2a61d10b339eede38c5f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0a81b1b2-f65c-4f2b-8765-3461a97a3e47.tmp

Filesize
6KB

MD5
81c97d91ecc93ed3f81fc65ffe5b39b5

SHA1
842961cc5bbba4e819e5113314c1ba7051497724

SHA256
4be89758ec7ab7c7d920ce7132cc5089697a22d7347204078e3cf4316e95f95c

SHA512
557543b80483ed1bf1c50b0368ac3973b3ffced0cd2c46bf362068c6c4dd503d60db40383e368f0e0d95fbf08915e6a803080621182df9833cfc4c9aeb84cc1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
59KB

MD5
1d5f57b36984d3bc13513937212f7c85

SHA1
6962d480bc6216080b90505c9f25c8a3ed4c8df0

SHA256
7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30

SHA512
dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
1024KB

MD5
214b2fa780663e5b1778c56a8c0c63fd

SHA1
2a82b012c67b9f595eb9d236514bdc5fd69f99e1

SHA256
916ba93a76b04c7ba7dd845ba5df93b495016834581ea315af3b99207251cf47

SHA512
6d1b74be3c6db291094fd464f4a6e9495e5d88eae0ab98cd94c27c2d201cc002c5dbac312157693ffb97504b14b1137f6faece68e5bce762a215d58466555ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
86KB

MD5
9ddd0737c0ca1606ae31f23fce133795

SHA1
6ec113b7d5bb4e00796f66609d14d10d3e829020

SHA256
dc1ee60f8f7100aed48f6b043412dab4ac371d67c41a035216dd7b8d979d0b28

SHA512
12de1a1427acee3dc855205be52956322903270b033b78312a0b3a3c570fb8c97cb7914ea824e59260d4bf363c61647d3666e862ea95786121b499e8b6eee745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
147KB

MD5
759ab24cf5846f06c5cdb324ee4887ea

SHA1
41969c5b737bc40bbb54817da755e3aa7d02f3c6

SHA256
7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471

SHA512
3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
12a5925c1c0bba43054a07e8e73ee60a

SHA1
3a83e84fdc1327330d49317bed9b6f4be22a01a6

SHA256
863d8e69e3c66b3e080023a853585cc215565cf6f27af71e3b17a78f395ad6eb

SHA512
ad2ed2f196131f60c8e109bb19c259d538c5dc52050a2d9764fb24bd7358064e43ab4132b120fb4be40fe493f9c90714e8a754c0c1aaeca9900559ab7615e337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf77d855.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1f5244fce9489121765e9c61ec7c6fd1

SHA1
14755dc9058ebfa25923c2fa640cfdfd3aca28ee

SHA256
df7a9b5fa7dfe07c26454a27d082c594a9ae337deb22e84db8e0eccf04372f6f

SHA512
4bf02bb9e2121101d899287ac9439ebcbcaec48eb07848cced8cddb44d26a2cca0e4309e0b7382c145cddb3a739aeaa17ad85bf0ed537cf7e881063880c672d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d147a2f83572570e1fe8ef5d18d5e598

SHA1
fc0774cd9e19265d8ade181ab88b893a7c50ab94

SHA256
7b21f820072dd4fe573123ddbaa1ecf6deed4b041142e0e99bff000c399cf9be

SHA512
e4d3c6a401c02ee7dd94bc167724d269f8e857a533e4194e3503e5bc448e54b1a60f7529574963d4e5ca9953fe1867b636c2f99448036c83d7c571495d129423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
6a55acf30d382f50ddc8597749f62ff8

SHA1
792d1766d5a6954add0694f36551d0d2b12c1c7d

SHA256
210fbd72432ac5043c1073dab472246e7992e2a00af4ea98dbbcd20978e55d56

SHA512
e3ccb7d20e7a36b99490c5402ca33722a01ed666502c8c583e18c56fa94fcb96b20eaad9cb6b211f9f75a46324fa24cecf9db8e115ca8607c2e3d4f2d6c97fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b7d04248144a31833fa689fcd784ccd

SHA1
f742aabdbe6f8863b230fd29b3b3b498f704b4b6

SHA256
ce0ee5b56dc34382407bd67576ffba6b50c046045de8c972806f078c7259edab

SHA512
5e2b8384eb4cc2e298d8e1b1eba343d794961447b2dbac7fbbed8addf774451bb170938bd24cc0442bd7684f9d48ace75ab9e19814b80d4fce71557fc33f0cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4c7d509c60eaa94d0039d4a0319ee80b

SHA1
70006c304dbb713eaa43fcc9f28d449fce6545df

SHA256
0b4d464cdb79215fb1caa402663ec3c42574fd3ca92cf7e42e1b605ca86803b0

SHA512
56c7ab759181e0560ce48eec634f6df1c8d9e7ea6bc1a73da1063faa2783e56078425fc0d55789d964435ba7009e712528fdb7289782ba57cea165ca8b831ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
78c7d4e9f7d5e2b014cf5a6283a19105

SHA1
958127ad48db95c357ee7298e46bbaf07323136b

SHA256
6f3bc75c15cf44739b7b09494426227f37e51f963df5affe4a9a86243b8ac2f8

SHA512
06a2d579fdbf01ed34fd4d2821fabd8a12354e1dd658dc83ca4643688a9d23b349bbff16bb16c807b4d3ad987a2b394a0b4ab86c015d7f69904e79f3755cd4f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22fb80637c74fad61193894a737c76eb

SHA1
07303fba5bd15a8dc44663bbdb25e4f9608cddea

SHA256
cc8a835c1fac9d64beb9e401d6b3bce6fda8dbf52c9db9661eeafcb102071eb8

SHA512
92e8f92a775d1d837b7d078f143b25fd431a0e3febd9599e5c59d660fc9ba2a03b8e3792257103abb341bddb9f455cc9a27b62a90b702f0ca4c192784c3d3935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2b9967d7d0ec49d93803ab3e0dc2fbf8

SHA1
c2a77215da8c8a8191f20a109d078dc2d466b0a2

SHA256
7198224f6c3810c9a87f0eb6eca1d4130f3456b8e680edc2aed421be1d674cd3

SHA512
b51f38aa1b329a00ec403c4b311ba30da32e7f9d088c2531889b74ff5f0d47bede6de7ba33aac1021fa50b0da9a3eaca81a6582d2b416bed2d056f029268cb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
90996bf279f08e36a99c9c48a22a62c4

SHA1
f09950fe100f16669fe3670fb5ce81eb7572eddb

SHA256
816b3effcd2b68959fd6caefe3a1978291b847d52cf01bca446eaf6076282405

SHA512
1825977fb6271bc696cd4f025610054bc08a44b6c9e0fb335e37e354ca4cc678483586d47881a4f17090d4f6bec6b055a0e8a2c7d4b7e2ce8e52559d70e39775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fc0d55d0-11c2-4600-ae80-821212f91d30.tmp

Filesize
7KB

MD5
94fb5faada1b192da0321257e85e29af

SHA1
b5ebec11637df124ab9a5388c721be6623e61bc3

SHA256
ce514dfe78fadaa5037b402f6e75b6c91e58291bc53a92fac1ac75ce0a695850

SHA512
8f9db534b73cc6016361348a1586ac21f254c44d619e23ddddb1f2a78ccdcd8570a4e7ffadb5e0119c7919a8d1f9cec03f2e4c9b113f3c95a4b29d9282e6272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
b43f135c0d17519912c9b9264b62f8cb

SHA1
bc526c0d612de62bb53f4883f6bd3c6e6395badb

SHA256
60e2c018f82fa5b1fd59458ea563f5e28b75418685117741bf8a36213b47acc7

SHA512
5bbde0392d2d17d69942bb90092c4107eff1f734fb8b188f5b7e4cff1ab5fd74ebd713f578565a6b41f6d7328b513b665d6b1fba6861461c787f637b1fd8c4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
6f4f731094493677bb8302f1e07d5190

SHA1
8ca7976d5f77a1360046ca2164cb9d93f7ab5f8e

SHA256
a4e720e983f126692f1838b5251a16391824d3f854046a502c25c5210ba2b68e

SHA512
67c4cc20ab9227074de839226e29ccc4d757d6a2ec49446e2e3236d60871498cd35b26a9d4ca187311bfe5d28665ce4a43d21677955ff3a4e7d9f20d20d96ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7749.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit