hxxps://wellhello[.]com/site/user/fastlogin/f1d56a765f6ce77eaae610449365b0d0/343906313?uid=289158894&r=https%3A%2F%2Fwellhello[.]com%2Fsite%2Fuser%2Fconfirmemail%2F289158894%2FtbwCwdVP%3Flink_name%3Dlink%26template_name%3Dconfirm_email%26mailer_version%3D3

max time kernel
42s
max time network
147s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/08/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wellhello.com/site/user/fastlogin/f1d56a765f6ce77eaae610449365b0d0/343906313?uid=289158894&r=https%3A%2F%2Fwellhello.com%2Fsite%2Fuser%2Fconfirmemail%2F289158894%2FtbwCwdVP%3Flink_name%3Dlink%26template_name%3Dconfirm_email%26mailer_version%3D3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2104	2080	chrome.exe	30
PID 2080 wrote to memory of 2104	2080	chrome.exe	30
PID 2080 wrote to memory of 2104	2080	chrome.exe	30
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 2804	2080	chrome.exe	32
PID 2080 wrote to memory of 1524	2080	chrome.exe	33
PID 2080 wrote to memory of 1524	2080	chrome.exe	33
PID 2080 wrote to memory of 1524	2080	chrome.exe	33
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34
PID 2080 wrote to memory of 2552	2080	chrome.exe	34

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wellhello.com/site/user/fastlogin/f1d56a765f6ce77eaae610449365b0d0/343906313?uid=289158894&r=https%3A%2F%2Fwellhello.com%2Fsite%2Fuser%2Fconfirmemail%2F289158894%2FtbwCwdVP%3Flink_name%3Dlink%26template_name%3Dconfirm_email%26mailer_version%3D3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7c29758,0x7fef7c29768,0x7fef7c29778
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2088 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2136 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2796 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3604 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3316 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3936 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4064 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4132 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3844 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2144 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4188 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3976 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3948 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3488 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4136 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3892 --field-trial-handle=1236,i,1579108498769737926,3617683584763373531,131072 /prefetch:1
  2⤵
  PID:1492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x440
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
725921c6fc4243a0aef52aca4fdf8f20

SHA1
5fc87700b5161aa05ae75fa7d5a637919c3b74bf

SHA256
6f7851423daa3e1d9efc1b238796843fa8d80d89f18ce1db60603c6627198efb

SHA512
5d5f2d793c0bbb14462299d5fa06e722adb2704e6798e0291a451340a4cdc09e9372e200dc352e2850ae8fe2da8fec6aa4bb18233f8bd7a59d279d1da4d66e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4c17d77735573e595f6b6b31ef82148

SHA1
1d530d954783d91a09fae668b32f1add668a1bda

SHA256
1dc1d748b84c5e16d2bbddeb8664cbcb1a523793fa6a18be2159a583f74fc72b

SHA512
f45e1c0d2a74255b135c90a50ed2c18f798753e0d6e37c5f12a737c0bd6f8fa60e887bfb049f056b2417b84a892ff64f4ac5263b915765a4539651b80731fdcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
349aa46cdd81d18465a41c4c0a09871a

SHA1
40fb39b15e4d06f587463a44a8ee2d0f7669c35a

SHA256
a6f78429eaf56e48125e2ac6a9a10c6bb020eeb5b2b3e799ff0a28761d80531a

SHA512
a241093137d1f45109036679fd43afbf7dd7b5c128109f6b1c4d8e1c7996e31a1eb57918262f3fba321cc0eef354e545689bee10b9ce325037b6744d4dd7a50e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e44e394b71e493131a6cf8578862c591

SHA1
2b1eb5582d6b6c4dcf4944ec72f3957b8ddf9e31

SHA256
c19d24f90080fa67386e1a3b62d302207146c1279c9f396c85aa6816eb43892a

SHA512
a0831f77e8c406f52c1e52b9781d06a43371fa4c2afd998ce6d2e07d8deacc090f7d7a28a0b9062f5f05c0cfb1d780a625236d0295533e61d8058ee892ca6fad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8129079febcab9f491412ddedfa16ff6

SHA1
5a4f22080719f0d1d3a8d3d12fc9b13b18d3b617

SHA256
11baff154b178e75088f20d2d9e12fd817844abf2f699dbae1a28bfbc7f41021

SHA512
1bfcf915940f398508ccd8f538d74cb46bfd3a9d68578b98c340e12e80d616e807809220064896b70f522cf2e8bdc4391984e759be4d9ea37b5878c8b04402d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcfed404e9cb389308f1a1cb1c518c60

SHA1
f3dda0bfdba7db6614886923c240d025f07b37b5

SHA256
6d49019401be395949a1dd3baaa428a86603d22721c5d577b35d89dd3f3d27a1

SHA512
63f12af8be2f05afd07a26016f07fdcaf8bc9dda92a521986a531b3ab84e596ed70fd32c5d444ae4aed96c2e2881e4cb64109f33dd7855994e0a7adc2943ca3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8f73a21176585f77c9b3072a2ac51b5

SHA1
dc63e0c3fcf7c181154200469af2150fe0b6eed0

SHA256
a4581e36ebbb57d84e19d01c7087d65a551be7d01d555e7410fadfe83d8d7f01

SHA512
26adda4a2686c2f4f4736559f94341bb860ccd2b180a05a50a84970bf72bf116289a15cec893a911735ec24c1507e880a87bcf021cc306036d344f515d75699d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
1024KB

MD5
ba55a666b5de3d1ceac79b49efcf33eb

SHA1
c4444e7ed6cf84561fab8b3fe60400f5383c5063

SHA256
f99e8a0b0b4889c82bf4be58d5f77322431ba6bb916b62c158ee734e0565948c

SHA512
8f7c80623aec6e14f0fcff854dc77bf837c77d24e45cfaefeb5d4d31fd0bfea39d14f2592f4c36e119443afcedfe673014ccc0fe306f31e2bdf45e858db5643d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_spy99.com_0.indexeddb.leveldb\CURRENT~RFf7950bf.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
619ea7a8679f65b414f1910b4fa85ffb

SHA1
d9c4d3943283f804e53414867b7d49ff79320ab1

SHA256
38eafad3831ca4e72e871d451f1d0bc0698d9fb0b30a8ed556cd8a24d173eca7

SHA512
ff5db3fa704b1dea746431be9572e3073f0a19176da1cd115d63007feed9fe5ea42aa8cc2259ce101d8be2d713247e18d2f3fd92bd7212da139ee8e09d4577c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
985B

MD5
75509a1aaf10e0942bb34f0991c32bd1

SHA1
2828e773082ff985fa7e52cf0bc272561e2853d2

SHA256
bee60a6c01ae9a79cbca7e10996093d413061ab3c0ed84ebc750c1f2558a7926

SHA512
b8c3bf52f582370c9a34add8d11a93ab2040e80a646eec333df60a52f0ce038058975c0d7a2e85f3a67d4dbfbb5817dbcd2de9105467f2ddf248e170f742d838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d737f274dfa9ee594e1b9949f97783cc

SHA1
c1921ff4f0125b58bab6877a8a502035aceeeefe

SHA256
3aedfb59387161fc89b4a7dc85e01c85a88217f549dd841bb133aa8856eb6ca8

SHA512
ca60912cb830624db3c4d6a904cc8afbc96e8b4b7bfd18d6c1a79b5596053875c11b96c15cf80f1547c4e546b264ed3a534322b3803eba011b55b38952c334f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
83477f608442fe682a491ee565051b1c

SHA1
2b31a2d547f4d2c98738a12ab27f0891d9a479b7

SHA256
f61b11f4455e1d0da4a198fbba75e1dacc4c2c15bb87c68e3ea28d44b3a7a7b7

SHA512
5e1fa30d6a80c869dca8a50d3e5ecfa79ad54cd66f7944ef2674fb19b33acf08a055ee22cb99582efbc22a6acb8a019753248c9ee9061be3353292c9d75c6256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
236eee094095e9319543eb7d91d7a3c9

SHA1
cdea0b973ae1755d0d437d1872e3a6b83a79d8f0

SHA256
0a8ce3028689f3dfc867e192fb636f79adaa7b26fe02cc44d25975db97a3fb16

SHA512
2bf59fd10627e2f422972b1ebbc480de0f851656bdd188f1ddcbf02569d68e1b3acdd42f083945ab8e38f0f7cfc62e44568dc999fbd695326ab0dd8a204cc0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01e7158f39e5b02591362f221066559e

SHA1
1ca4b834035a052fbccae7a382e3b3453a5797fe

SHA256
07e21629271b17111e1dad4709fefe2d8040dec4d8109bb8828b2f619082f4d0

SHA512
0952e12e397a8b357488b9ad7ea3b5cbbc27d761b45dcf277c4cead3d645db832743626dfe999ad1d457a857fb02005f361d84dd0a3d5810b06d7ee74cbef99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b64d8aa562ec3f50fb7de1cef87a645

SHA1
03ada87f4a2cc8969f91c524bff7a64d6741511a

SHA256
b387b9fff85f54013bc13cc3020c4757509267d7386b4617b039b6d03bacf483

SHA512
092ada9b0907934222bccede52cbff35237dde2256df06eada6f5dfa86db1dafd536fb92cb25a115088a4ab079fccde6ed72bb7dab0a2d631f719dffb5e615dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0aaad452e68147812d6dc0cdefd816e2

SHA1
0a36b98e9819903cce67af5a2a812dea4cebac09

SHA256
58cdae68b2e6b62893a29f87f00c2f569aba9bb2a41b2e1293ff0960f3863a30

SHA512
41f0c43ae63817c655271f1b70ab7254bf8ba3f83cae994fdf1d67336cc6b55c3f900b76ae13e7b1111fac1d86da428425303c5cfba4caf2f94e7f5d6e64937b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dafa6fdbfb8b3d08ee9bf52978c15cf0

SHA1
3b140e44295ca7dc820df0a29c5ad43e4cf1dd9a

SHA256
f4c865dc1714c2299ff5c31200b8be15c30cc393afff2810505dcc4b5f329d0d

SHA512
0962e8d4b83f8e2487fd201a1dafee7d2a8b3f780f2b7a838827d378de7d1256794b5b273a9c7272e135fad4344946c0058ff52ac1223786416a813c938f4c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b974fbd00eba6a6c11da4c413b7059a4

SHA1
4296f306fd27248608b3845ea133180f8e0cb9c7

SHA256
ba731731f91ae75d8c8c3e09ecc92cf96af2a454efa80e25d1b7b51c0703b07b

SHA512
72de46802ec9b70fb7a454a90d7e6ee2f85a31a11689c066f2db947a12f3bf788fd58906a0a3b6ce1d2a985df789321ebe428949e975307ec9791b12e01f3460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
11f6c31f77c806b01e0a3b0e2a7e96d7

SHA1
4eeac27b5cdb910ef5e966b30e8c86fff24e7bde

SHA256
f9866c9024674c6ce51f7302b7518eda84a684b5b7ad0bb11cb0d3d7f47d1ea8

SHA512
b92c4762918b742fad70464ad97544fa1d33540d6cc69954fc70edad734809a8edab218d6d1b78ac32a9c9496fde1cd3c56ad952795dd4518696ffabc1655b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab50E0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar50F3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit