ea8dad68b3460f631b6415dcd99617311bb3d20e0948684854f6e9ede545bd15

Analysis

max time kernel
1799s
max time network
1694s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yt.png
Size

204KB
MD5

5d9527ffcf3e4345d9f35babf5de5a98
SHA1

081f07ab5d4e1d7f1c764bf4d7a70ea84548b8a4
SHA256

ea8dad68b3460f631b6415dcd99617311bb3d20e0948684854f6e9ede545bd15
SHA512

8caaa08b7ba544a4629c1d49933a36b5682ea663a7dbed3a34862d2361a086be553eb60bece9f6c9a8b62c09f82dfcd3aae690eb6af60a432cc9320e8ecc3669
SSDEEP

3072:ZQN3DHKIFdOoy9zmIOn55GjyDo0KrHLQoJ9RLfhmZfa73dvrU3ue8NBBeDWXl:ZaDHtNsj0jUtHLN9LZmZyhvrYa+Il

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1200	rundll32.exe
1200	rundll32.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2952	2160	chrome.exe	30
PID 2160 wrote to memory of 2952	2160	chrome.exe	30
PID 2160 wrote to memory of 2952	2160	chrome.exe	30
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 852	2160	chrome.exe	32
PID 2160 wrote to memory of 2944	2160	chrome.exe	33
PID 2160 wrote to memory of 2944	2160	chrome.exe	33
PID 2160 wrote to memory of 2944	2160	chrome.exe	33
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34
PID 2160 wrote to memory of 2808	2160	chrome.exe	34

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\yt.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7fd9758,0x7fef7fd9768,0x7fef7fd9778
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:2
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1260 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1160 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3712 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3560 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3512 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3944 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3816 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2416 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3512 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3940 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2708 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2292 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2264 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4000 --field-trial-handle=1252,i,6645847454541873679,6463087635385402468,131072 /prefetch:1
  2⤵
  PID:1428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e737935244aff4fd920dbb86a19513a0

SHA1
7e45d0dd56869c0197590a68d527c16f48324f3d

SHA256
a6fee169c7918d52725eda972e2cc8ed6d4345109488ac2740b01e0d4f4bbf1e

SHA512
275ac4b09a8544b703b417f847734c32a2c00a024364a497fe1b837a6b1fd6ee2cfc8c8963e55ae93987a89137efe17c0d1be82331a88a27f005aee228e1c6d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb023c8b997f0c0775be8303ff2eb0d6

SHA1
5bfcba900704be262822416c55ad0cba01dddb54

SHA256
c5716b937a216cdac1b56296d5874b0e6e9640944e7155a5a8623e9cb2950b81

SHA512
26c6b0724cc7b48a11bc9d84d64af684cbecef66d4a2df6f2394fddfb4ba85cfb56d93c77e5049aa75deb7ed5d6050b6dab15a4728959fed436ef78b2b723224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d62c664b55bd3add8e23fc163617d226

SHA1
85308a7b283e4db13b3b3e5735ad72b762d03b1e

SHA256
eded27e699742303f8de7dacbabb73d36a89cfa110912b43b419b09f3aef1bf0

SHA512
2680f80a289e2f1e9c8bf0a1886bc6de676c46d4b342df1b3ec7c5d84ef3993ff91e1eb75553ef713a66424683ae4d02c708ae9f53ec200921db920969518be9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58402a9e7d2cb3ea18e0df0687612427

SHA1
0418749aa395298287dff8aa0518bfa156cccbe6

SHA256
907438d545db88c52be4568d028ccf308fafe10e9a8f8eb6fa2f26e7f4c3e2b9

SHA512
11245d15e57ffeb3b2f9c335ca293266c658342d93a0e795222d8cdb4e65ba8545ee6a8532f4e25f212dd932fba251d256e009d17d039c8ddc2ede6382bec5b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eda94b7ccfb7474f2bb82b0adf1aaec8

SHA1
7405a205dc36fbb5f313f7b5620b73a27cce2705

SHA256
4d2f230b1074a6919d7c641a4b38b02bca4c55ef042c15b52cdf01cb46de5b2d

SHA512
163e8dbee2ab8c0b6343962c61c4b14717d6553d74802923f95fad40940e01813834b3e829c590f6a7e0d9441121b561e400503896d32477a4ee71e4ed321693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe9e3b8a5937d2bb104130b3dd4ad719

SHA1
e7d1ffcb6e6724658e660d17594f10d94e271935

SHA256
04dca3b93fd75e4b0ff76ad153d7ebd4c04553a8e3e0996a2b6980e1674af09b

SHA512
e7899a327670cfef3f23290422ea59cd0c8456c8e03cf8c60b187d783b7c1bc49400ce66d3f7ebfef389acb1509ef056d1813e4fbf8e71ec0d353e129b8314a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8ae5cb7e955349e43981340913c683c5

SHA1
6457bd98549a8c8a79ad13d3137f6ecf2f14bb4c

SHA256
c6418fccd3bb78952e8de4c24bf4c8a10238db1299424d7c1e5610612a9f4340

SHA512
f1558b3ce2178bf14b0397708327a1e72dd38821e8cd6bf14bdab27d8c50e8df95978c7b6f79a4f72c44d4101d4c25bb07cc752bef447b65f1befdfcb19720b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
312c0ab01a7dd412eec9f12e767c3da5

SHA1
589f60ce2d1cd30022e0a4a51abbe4a7927267e9

SHA256
6870ac3869a136593b029e721db8a71aecb79088af81a4df5eebec94138fd54b

SHA512
00b24c5ee86135719188bc5662916935191b628a3432c4003e0ca3348a67e9874098613a782c2862c244a760d84a97d8094aeb571f6e4e1b023136ca8f0a3013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
908fdb44b86b2427bce1353c8d968eef

SHA1
c39dacc58fdbc9551a99499d8b8bc6950ab8f188

SHA256
dd482da81f31686ac26166cd680ef77699ffbe3de950f3ea9e90a452df1aa272

SHA512
fffd609126323f0028c10f7078a8d76f0e6a437c3b8ecf703ce1b66f187bf1e5f1ab44bec472f0ed5aceb031da714326546814151abf1711369e28929cf35bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f10c1d07504b6eccbe941fa6b817bc75

SHA1
3e2185cf98f2fbddebd39386910cc08adbd838b2

SHA256
27925463901ca7f128d7747bb188c19dd1c10c8f98b93d9ea76b46ac3b20eb35

SHA512
1c72ea0b705ff5d6f1c02d7b237e1fd0d262830087a79a65c4e71276b1abcf149d215d2c3ac56341e8695a8e85f5cf454ed0f8db5d182587d8349f6daaf6d7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a92fd8355730495b0f9f6b48cd4c33d7

SHA1
49a8b3ce2b4f3737915c1638def8df96615c8dc8

SHA256
a7e738bf1f1e201d8c2bb7c57e1a871e8e8ad2d90c36705abcac6a55e3609ac5

SHA512
d1f5a29d7e574dadc2c33f5a62fe7ee9d9c3d17abb60dbe1a117bd3230efb1706a6e612ac6423c927d5fd5fc37b04e605a390d2f2504081e4786dc8600c9b099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
c07b41a5d1569af2c5cf818c2210d046

SHA1
dd5a7d5a3d4eefeba2c097d0d3d2ef59a1a06f52

SHA256
fa166e687093b972cb9fdf90e23c05309f66e48c3bfbf57176f37fa28f7edaf5

SHA512
4d2a1afc4a6a74357cd06fb356f1b7b82e7932e55d2d6053a5e7eb74add20d607a12d33e37b41971a45f82345f7698b3502fd90f14dc6c62f56ba65b24d64941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
dc5bd6c7344d96f3ceb79ac4e071ac94

SHA1
ca6cff177997d5cb53524432d3aa7c9bc88c9861

SHA256
e19b23342f07c0b447feae02d1b20a0bc39f6e89eea7938848928655ce2ba5a0

SHA512
ee1bfd06b9341e2180930387a69bbddcdd2a726e940dfd8234b7460237cb73b49a8f241d31121b5ebcf555d5f69dd69c9b29d3e4f9ba96576f3d13013780901f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aba955bc864efdb9f5620450226280a6

SHA1
3009f592e2cab5609332c0a4ddcfc59cd67c2632

SHA256
45dcdc7f4b5dfcfaaa50d740b96d6daa75524393ce9fd8e888e510baf0a69ee8

SHA512
0970ba45fa995c5570287f1f8410e7cc7f92b0f91224f4a4796e9245999b138c80ff5f4a5edc76280470c33996aec8b4efd5086e87de0a6f7c6a3447cb35c92a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2a1a7529a1f1ef1510b2ed3770062660

SHA1
af18db532d0e129a67ff525465f1c6ccf6eda568

SHA256
f3997bb5cc2357fec0f8aa74b15777ad5f303f41e71f61c80dd324144be4a039

SHA512
82ecca1a6f20c58eb8cf73d32a0a8c7b62c77475222c29a7bd15ab51b5e802962264a0f8e3bd737cd5a2e5d4b46ba321100cbe54a6d38a3083b27121a1699980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75530a69d2cde93f11521b7b4d27ffbc

SHA1
4becf67bc789818cfbeb80981b0df87dbdbd91d5

SHA256
c5cf3fe140ecfa5a8207815d9207a169b65a700e99c577d7678ce21281fc6a48

SHA512
21f6ba60921b62ae7c22c189d1875775fd7ba135fe7dd690929368cd28a4bacb05691f182cf7be0760e80938cc20b3d04ab951f628c363ace91fedacf1e21251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2e941e086afe75eb009b33a4ad37f82

SHA1
31515ad2045dcc7c2b3dc07a8a13572d53f3f600

SHA256
3a48d9fb8610cfa2fabd7cb376be458fc7a507cfe71134074490b33d1791d32b

SHA512
ced9694d3756b2d363f7e9d250f6a02aabc41000edebe41707329ee805b7262633b115fba57394a0b4be7f4c5fd6588774230b195c753296e4d3de9563cc1a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44e4655caa05415545f344387dab1299

SHA1
278c9f5c5e16cb0e1010cab9e08ecfb73598351d

SHA256
4f56ccf11109b089f3b7b6c94973867e1d48ccbcba5aa5892a7f5c7b948745a0

SHA512
71579fb7572e9d65d91fd41a69062c2c3ea7a12098c1b92e2d298a1283f31e906184e7d95b3459aa3ddc72ac476a417a150d2d0a70cf1e056f123a2dbcfea79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
317KB

MD5
ab603b2c12dcbe184bbedb7c2a0c34f5

SHA1
d44f905b89b33185ffbc23321c6af8bd927fdef0

SHA256
eb61ef95ae17ceea2ee7f89d359b486fc659b011e3758e6f4e8bf8e9b59c1102

SHA512
fb0753c896b88ad88a555210b88c2f91ef70fc2c7e35bb57f544e0ed15a0c6ddf8c7abd04ec2eb0f3561fe84076149da5969b1a247f4ca55700a898c2c38b900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
317KB

MD5
781f7a49e1e74a2c4a628747a8c0fcc7

SHA1
b225f814c4242c80bd9d649f4ed50c0e41655a63

SHA256
478961c82ed37c630b3fed083c4159ce6a82eff942ea0cf3aab6e64e389771fb

SHA512
d3c710830ef0b7c2fc7b7268bbc11cbb56f73d89e51eae648894c2de3892b65635159d3cffcd79ec9804f18593d83a94c1482cd5b1e8b94032882537431da061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab48F4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A3F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1200-0-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download