78f03756220d71d6e16b2e7a8a8ee4af46aa61d79e356554c44cf2524e00961b

Resubmissions

26/07/2024, 18:28

240726-w4pgyszeje 7

26/07/2024, 18:14

240726-wvc3kawbml 7

Analysis

max time kernel
282s
max time network
511s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

!#Fileş_#!UŞe~Passw0rd__~.~260717~.~__.zip
Size

15.4MB
MD5

5be5cdf1f9a125f3398510fcca2d301a
SHA1

481dec7f1b70c0a914397a3368a82266c839c7c6
SHA256

78f03756220d71d6e16b2e7a8a8ee4af46aa61d79e356554c44cf2524e00961b
SHA512

71c4a651f45150d3ec6069aca910e829d1da338e70e304f996920c69713fc8273038f11ca3539dd72c47a555d6087120927fc99873c42ca345baaa011ab33bcd
SSDEEP

393216:2WsTINy65o1Y/SLXsIS9DNltswcMwFpqMZ8UMFxZQrDur:UVuKLXYdSwpwFpIUMFnQrKr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 1212	2960	chrome.exe	35
PID 2960 wrote to memory of 1212	2960	chrome.exe	35
PID 2960 wrote to memory of 1212	2960	chrome.exe	35
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1432	2960	chrome.exe	37
PID 2960 wrote to memory of 1028	2960	chrome.exe	38
PID 2960 wrote to memory of 1028	2960	chrome.exe	38
PID 2960 wrote to memory of 1028	2960	chrome.exe	38
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39
PID 2960 wrote to memory of 1980	2960	chrome.exe	39

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\!#Fileş_#!UŞe~Passw0rd__~.~260717~.~__.zip
1⤵
PID:2872

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1104 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1248 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1744 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3204 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=580 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2944 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2392 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2476 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3400 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2240 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1776 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2700 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2992 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2788 --field-trial-handle=1312,i,5387084642230467395,3303870644806682910,131072 /prefetch:1
  2⤵
  PID:1948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c371c896d4432075f4a657d5a251dc78

SHA1
75f2035632d0ce77169d76816714b9d970a7b3e3

SHA256
4d7d158f5f3b81c0c793ff57c2ebca7c49f221ed1ba042caf8b1404a6f8e74bb

SHA512
23220f4eca662018a497432cb203e95bb56befaa385e66289f9968a74f41b9da721637040c4a423b832406c73320c8f5f9fd005ecbc48619f69a735580f1db17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
107303b59be8b85d8177f428849236a0

SHA1
1dde3981aef2a388262409b89bd3039fa838d5f1

SHA256
9d2581bab20f7b2716d3554a1a8241205db591b47fb4a7a789c93a81aa120b14

SHA512
3e78ede52bb3f0a272ce22d6ae5fade591cfdb4d38fcb04a0c326e1a62c4a715553a245a4dc0e5ab74e75ef4111371f9513f7fcdfa54c85b0d6b36b350ce9ac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ac8e64c366648bdf21c9c34f0feed2d5

SHA1
a84e463f191e44e180023667d862efae8adb4f6a

SHA256
dbcd1109b7634a0e5bf8dbbd94ec6f4edf808b3358e5e680cc7a667782ce9039

SHA512
84ffbc3bab9a4008dd1e3a4d726f315301b8a1f73eff2747edf85a6e855e5bd7e98172e25ec5b107d0876405578f37ed1d7646965fb768f53a73dae248271170

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
aa9c08e45846c17053f05e0b4583ebb6

SHA1
1b5918981e610704ab3a88f955316df29ed68ac4

SHA256
3881711e9b6a05738484768781682dcf05432891d2bd8f3a69f59c7614627391

SHA512
1da7c0dc981ca2f2003930c43399bf5bb898427226d9289e33b0905703a365f99b04a314395104ed742a7ccfef5ef6b5153a90061bf25b8e74701021f31347f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d253109a8f2c5949ee97067f45d3945d

SHA1
b8709163c9b000051342bf6adcd09d9777387fb9

SHA256
05bc169c721a7474389667127e653f4a5c168023ae5231af40926c540f02f2a7

SHA512
a087e8792a77916fffbf6d5f688b7ff5a326e254a79ec01de9129304cda21a478ad2b073eac1d87a4f9fe968e38ab79849063efedf25e3c20a9a5a423b3b718b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5fe57e12219be9b799607aaa4811ff59

SHA1
6fba31e744643bf5f19b12704c2f380b8a057e60

SHA256
f5be3caa0108974dc55a3c6cd1da60b43a5b1a0fed8c113ef9291895bbaeff24

SHA512
18091f6c8c3e74e501f63799ad159830dd4c764a54f50729b9ad0f96d7c22f310ce4f70b2c7bad5046ffa029da156086d559b0be979aeff8b5a385faf32eee69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\607468dd8bc43e8e_0

Filesize
280B

MD5
39763413cf8d900eacceb94533a41096

SHA1
2b56a662160a29f86e48e41646b9e2058dc1a5c2

SHA256
a7c69d93469173df517d5188abf204955f0bfbd552cced0e1da3716fa7319bbf

SHA512
6ce0b9cb479a8341540e1194f38968c3ac4eb3f19a4ca793ad097c261f0a42def9490f6115feecec7ced4adf73848521ddd1f8a7b332dad66f11e92edfb0cccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2ba13d562dacec2_0

Filesize
19KB

MD5
dbd78d9d9b2f677c2c695bab879c5810

SHA1
6dd9710356daab3eb2e6c38f6b0507f01b2a22cb

SHA256
1e0e6daa247fda075fb9e5c0908e5721084a62fc8fc828708a8af84f1fa4ab19

SHA512
4d76414dc08c720d0bbd2ac4620f71474d40a6bcbd6e99834e50bcb8bbfb385a86feb2029486c5ebc7d7a7443a12313ede28340ecaa62a5c788206bd71b362b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2fc7a818a4061e91130b5047c8022a91

SHA1
aa77c404d3b92b1be541b99ba53605b1f36f3b2d

SHA256
8cea310a35291fa7c6f3921473f5ab0271cb7f49de23b0803b84c662809d90ce

SHA512
6d0a5311c6f728cbd85e255a3e2488022fdfa2da517fcbb864ae04e491a27ed27e65bd22abfa4c3c889b05ec21ec0a585140ebb6464fba16ba6a4445568082d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6a7ac0831bde78f9a9662fde6a2513e1

SHA1
96436ecf61f302f997f1a471b5af439d1a1fe758

SHA256
9cd066382d682b59a2445cf44b89532089fb256fb3e6aef24d322a96d7e1a8fe

SHA512
507324d38e4de8c57badb01f41db2cc9ff5340d8a25295589b9e3e737df115d9757bc047ce88a0700966cb0ade98a9208875f38f06573e2fffbbf15a68994d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7c38db3a1b1ad68a20530c2d3222ca4b

SHA1
a4d1869233d4998c74a549e0fd73d202c582d80b

SHA256
b3469137a533358fe7c4c05dcd546bae3e82521b3aa684412c6adf5409703a37

SHA512
b951da1becf93a7a7fe42140224c6a2c39cb72e73b8458205d56b71c97734d702bd91579ae2cc76b4e7ec8c3d7b9c3f272c35f192c52ac4ce961613ddbcdd2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
121f961044def6edc9c779f9fdc4c549

SHA1
519baefdc346c44b529f45e876a9f29fe43f4392

SHA256
6bfa8d44e65c83f72dcf7ab8c7c4da4d1335195b41bc9b06118f128928760bc0

SHA512
aeb5c7d3becfb65998a083617dff47f1e6b8d2a81fcb1d13b15efda3312596a8408e87c0a3db45576fbf64e5cd9201381a782c1f5a8bf6e9327dd3ab974c65e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bceccc5e1da531dc9ec0443d36f673f7

SHA1
7b9e4680dd1c7f649e9c08cd4df25c4176c5c064

SHA256
4b35a327bd031fc010ec6591ca2c0b891bc7e00f376a07619f4305a3f9e81a1e

SHA512
0554893c34e3ea601b78da4a3b7bf53b8520344836b1e91e0ed31ea33b8c72f709e77e1ed6f9c17034b93f29b64dd15f5dd7a2610d2777b84bde7da5c3341218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fcd02eb9817f74bb2f62ddcd591b4662

SHA1
9b0a4f84e87747c4a2d219ebcc61d2264cb36bf9

SHA256
becb9af7d78a6984cdbb7058abdc93d446581125dfd5e23835aa08b9da0ac035

SHA512
6e48a566d3db4b08642d1ef394a18a6dafa28e207e961ce2f5c614f273901ba129296410faa3e5658e226511d17759f1316a3d031e2c4c7f7b86cd47b1075af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b59da717f1b0ba871c8935281d9227dd

SHA1
28276f75d13d80102a5094ebc5d5b451104f84f6

SHA256
db1beba3d8b094580b7dffc77cdd554801c4e67a0433e5972b34f5247f4580ad

SHA512
0530953cfada69c1ac5ef554391b5a72d4ae56b66e6579a14e1956d928e8c5b0407bf351d83399b93b94988a7f5709b881e7a3ae62782e3762cbfc17f01bc8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4fc7742c9ce137cb91a965661ee321d2

SHA1
0099bf25058516c2c4987bff514e8951dec648b5

SHA256
b0d7c3a7635e32f12e1001e8c68270546c8645fe8164adf63b5396643313500a

SHA512
5f461bf402aa1bd8270be02b2806363adb57d1523b9f2bfcfdf2c74ff3223958627487b3ae0125919b5d6a24e9d4d522a6b3cb04574c55b800b4182fd4cd3488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ca34453186628b1c5b5e3aab7c22ad60

SHA1
167d7bb9effe380c4795a96d07b6501d0cc6363b

SHA256
ad51ee2afc5a04c3df443ad9af742eed735b63f212893a5d238d8537dbbe70c7

SHA512
69ea8b983e0d4cbf3fc3c5ab691c451940080d5a614172d76b74086a6f2663acedfa52d77f48e60c99b206d4857b293852a45e495ab7d44fe7875628f890af95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
9026c423b2398fdd4a9b3ad43dd85935

SHA1
d03a9bc4a2e5412a9f58309bdcd0969f10751a9d

SHA256
e09180fc28b6d56bfcc77b8e8056ceeee942609778c1e4a2cc8ecbee380dfcea

SHA512
69aafc95828fd67660f95e3f3cf9f90ba8a8c74d1d3bfe42438987006f8494a79cc6710f5be4dd0711d82cc809e51e685f68451689543e6cee8d00fcd39334d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
e9eaeefaa74462caa52b705e0d140282

SHA1
bfad5ba361ee68bdb5a7b2e0107bd9e64bdbf18c

SHA256
709c36c47d3dfdaeb13ee27098a2e5fee61886287164747368e5f2bf179aa1da

SHA512
108b16b0b6b5c6b72fca81084ae078eb586565ce93592b517664712c72876a0e303780303633c45b3390808aae01e014000ba082452952f97a8a91f92e5c2cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1aaac057edd364f33588121b09d8d019

SHA1
898478232a30a17a4970d0a49147c35a79d55c6e

SHA256
4531f1830925db1b7652fede9861b75748867234fd387d70d7bd0d2664074990

SHA512
95d19cc72390ea71ec567e8712c001ccd4a06f4c0c4ffc268eff625c9362779bf08e49f58adde58e94481cb69e10d5381e1e32801e14d32d36cffa56d9b6da1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
0c3f588fd2a725a1f0f383440d6f375e

SHA1
e2b6962d5914081fadfadde0e3da4f5bc4e1c0c8

SHA256
d3bd703dd2a408c12ac1d1ccc0b4a6b46e82261e55be03a772f61faa1917b89c

SHA512
b9b058fdf593bbef0a0f90dced59acab36400c7154cf8bf6d38d9d58474317de42fb146bceb1fb907dea120ef3e9ab010d8fe45a191dccf56bac9d027deffdc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
c58e8d301817cf4cd756d42e55a17d5f

SHA1
0cc3b6633077229745ce307353c25d4f0994db8c

SHA256
7f9944f2e4edd6646a986d4968cf3e819aaa53b0e562329d6f8a8910d9db2620

SHA512
b2708ed365a82c57b2b238183e7ee343ae779c2d355e27102b476ae21566be23c128390fdcaf35b157d075e8b638c9ecc2fde3285988b87fcc0a7ea60d991367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
a31e8521e4a63dfd1367a65916d8c65e

SHA1
08e52448962de8353831a3cc891b60a2caf43574

SHA256
42d650ec4fbbdcda3402b56ee508646d994dd10d7147739a41df3359d14f8fee

SHA512
9db32efc1c7b4d15870d52040d5d933789a9d8e9d74e8be2cae8aa8b2736479045432f5ed39a5cc62f3a6e72b98882aaaeafb1accda949443ee9fb52341f813b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb9749baf5a9caf9efc9d05324dfd227

SHA1
a23b54a0dbcf66a50eb8a32dae3510e7e56a940b

SHA256
71377b9d618e353a99aab9d4daa6e24baa687e0d8180ad3cd8e5cc2abfb7bbf0

SHA512
6c3e1ff800e193f97ea97eb48eed131c644c4d192611c583421a838144271f98819d0fcc7531e090b82635922794206f72f69674fa3ba7ed50d6b856018b44a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
51b93dd299848226a95db1a0f5ecca4a

SHA1
82e7bfb148c88b3887125d50cd36f382229ab2a4

SHA256
e9ef7197eaae78233418435131b647af4944d5205401b7138d871b94e2eb3f40

SHA512
f5b1fb0888b7c0fa2b2dd3da2e36bb58e081ace1a1e2e94aecd34a659d16262131d2396ac19d61ffe72f29bf02fa63888e471ce22ca3d6ae94099e5571086474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a6feaa832cbb836b224afe90f1213025

SHA1
0a2add71b85a015a1862bdd642bcf2297cc9b90f

SHA256
0daf527da8ae6b923bac0b4ee08074193ba0dca9e9bf777232126e60b6d0b7d8

SHA512
58d26a80a7aa621d95ca4c995efcb463140edc01074da722c249ab18e0949a949bf48607d714d221e341904caa2d95bf47c113b5608cf51dc51b5cac6fa92924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0257d97b375e14f07a333a69c77c9c8f

SHA1
387686012e29793e4c3fc991be3bec171ff1713f

SHA256
f782a396c097ea59067580288a42d2217dedc62fa2ad21063e6c91d18c93cd64

SHA512
79ac4d980f38f0c01924ad1c5e39a14d12d4e3c584ece74cda0373f9e6d1e2d9fd469b85bf62bd45d446f1a830535a517b6f3177f15a9f639e3b7803fb9af327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5dcbae60c95539135fcbaa3b56bccde

SHA1
cb4e9104c971bc9183798adbdb8831e12dc6dbd8

SHA256
08ebe1da76f1e0b3a62b48c690990c2b8c9c92fe62e803a7ce700c1824d6b7a4

SHA512
c72ff281f921a1b89497922d83d0c4ed59b5f363f9cb45db44de2bc916fef0fffdf4da53bcc370443ea681d6a4a8701146940a29c95d448479a351c8f498e500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d135a79fa55573cd3ba01a903feda753

SHA1
1c95ab0827fbf9a4527bc206ebe85115f560b8a0

SHA256
740a501db3d016567102bb80dff65f29d73be1c4a0896522e39c0a9024aedb0d

SHA512
9bcffbb937bcb9bd8e2fd56225cdf6e31cc7b7157ebdcb08eea865e6f7d6351cfcce474ff952fb0e988e19331d8a2592ce7d4bb8bd7615ada9b120dd61a34338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9ff4ad98729227fdf87bb3b1e190e9bd

SHA1
cd54e68f7e08504d91942c11fd87a403995563b7

SHA256
efddb856fd7989af6900a6f3697fc3c1c67bc9f25c115c7369721011c9214887

SHA512
d30b1437b894883db261aeb7c6652a0d2b06e54650d87029a03ab4a8fadd43164eb08eac038d8b4dc88a5597465d0d6bbcaaeb37b5ae6566e129b6421cf17629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
312KB

MD5
836b613339793053cf0bf8826da9be13

SHA1
f59ee2bdc757ff9e029b37603921e53a7396d5f8

SHA256
59ea69bbcc1b0aaca50c5d0084a2e572d26e0acb808908710900ff363878cea4

SHA512
768ae4d2f7fa787e10d63cd39e3c9585a20cb2104e9c638952df09021c8ee78c4a4a9886fac5662745be16046f0fcbc93c5985c2b6bd17ed7cd27a4fa3e89105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
bce77d03b52b94e1b6b1167f1a268a76

SHA1
8f8f5c6416a790137425a22c61b89d0e653194d8

SHA256
adfbac6e08f3833330dbef1535636123dd96cd0a65b0e3aa1e5b5b7e93744b16

SHA512
9407926b4705690c5fb4aac2f0df99059772046e8a9b9ab04feca4dc8cd6f29d28ac38be475e8ace47100ba1cb0c6c81ba6735358fd1420fe6a276e1757af151

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD645.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD677.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit