hxxps://aimbot[.]dev/download-aimbot

Analysis

max time kernel
440s
max time network
444s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-09-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aimbot.dev/download-aimbot

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699822220280127"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 872	4668	chrome.exe	74
PID 4668 wrote to memory of 872	4668	chrome.exe	74
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 4432	4668	chrome.exe	76
PID 4668 wrote to memory of 2292	4668	chrome.exe	77
PID 4668 wrote to memory of 2292	4668	chrome.exe	77
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78
PID 4668 wrote to memory of 1620	4668	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aimbot.dev/download-aimbot
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd62259758,0x7ffd62259768,0x7ffd62259778
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2800 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2808 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3360 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4764 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3356 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3668 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=864 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2888 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5336 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5536 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3804 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3748 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 --field-trial-handle=1848,i,5492340495405254991,10768702807078107546,131072 /prefetch:8
  2⤵
  PID:1500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
273aace4b8b6b3cdad35c3a5a56be523

SHA1
8a627c39b181d6be6db145c00046006d3fb649f2

SHA256
a4645e55b5e204ee8dee68ce7f0a31482cb5358b8bd0ecfa28e4399b1ba503bc

SHA512
f0b9df858a906b9fa692e867572523bf099e2f5d7976c2ad717a0be813a163b1554b403077bc0fa5c034fec92a4eb076602b736b2d58c38ba01cfab889446e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
15fa0f162a57617ec8959c4d2a2339c9

SHA1
803b378a3cfbe4a96f79d2e2055a438767cd1053

SHA256
a9c5a21afedcc9d02976848593f3393837b96abaf8b668a2b8dca36c21ebfc56

SHA512
e7eca1fdd72beee7cb761a1a78a2fce3f2489a148ab12e5a79a3cac3ed58ceeebc83c5ecfa75816c666b96ea935178ec122dd01465032d42e4a0aa9da605ec19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
052ee05459300a664a0acd638158eef1

SHA1
bb5b9002b20b2974358b367e8857f4147526ec07

SHA256
14afca44af1e0596ca85a604d5a9bb383586209240f33f461e03fb38872eaab9

SHA512
bc93cab3bb9a858a0ede987193c44924a5cbbb3e54d82e9b40f25825b4bc20205fbc8dd4ce8844530389ada82a93f1a15bc4cae20ba00c76073a5f54c284bb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6630c9f744f8d60d2b203140f55b2a58

SHA1
b982c5b94441d4213a44258482cae350e4c20cef

SHA256
65cf072f1b4039b60836a1ea691b8f09d42561b844c35993a1e6eb4df1c9d8e3

SHA512
1247723bcad8fd6cb2fc9ad4106a750fa1bbcf2cc3bffad56791105be13218bc444e3a6034e62bd31e3ab89f8716174c423382737550a79375df19e3ce57c0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c862734dec3e4ab9ac663c8aa86c685d

SHA1
adf8fa51b7bcb1d137e3852f081c040fa0501f43

SHA256
d474d5e1450c687b66343d59c6a2a5bf11ef336091a78406d25284232bf81aaa

SHA512
3187a63f2eaf4956a94be64d3a8932c24cc8f9f6d7120b4ae722f2c6cebd9a40d13e4cf99d57dbf9892cfab506b783394ffbe6f0eab27da06c22d5031f5b2858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f8022c54bd06ad1c012df1fd7090b01d

SHA1
db50c4dd85ee87398d0d0c0abf6c75fca49ec684

SHA256
bd9605e1dd958d19e8277bfc5166e0910af247fcdd5b3d9798fce1aedcf4b9f9

SHA512
d97b466caae45bc4bcb530b0118b1ea909b341915a8be8183b8842e613ccc04b3995cf8df2fd5ccd425e34b4aeda5b55a93e7e9f1b36c0915871989e1682a7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f018de5c1df43b36dbe17156726aff0

SHA1
0c834488ef02dcab3de12311f78847dec0ef3617

SHA256
fcc2ec58f08007c38cd2b3acfcc4ac886eb3b14d11661d9a79fa8402e4cce9fe

SHA512
7d3037fec5601aff860202780fe2c29a85d449aea9df335414717768973a616d1c78f220abbbf57593fe4444ba777d06d4e5fc8f430c3abb7f5b77d6bad1e31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4bdaa7375c2d88b02e782f9364391453

SHA1
7cdb0613dd9eeaca38a97378126ab8612ee0d944

SHA256
90bbff62ede7b160d77beb963ff7a9c1d28d7ed7ada4368c6a5579dbe16aac6c

SHA512
40a52f74a0bb7d0342907fc29c9a16be1ccdc2fe81338c4137a86498bab586da10cc9e8a6bb185766aed6fb971ce9742bd3bbf1178f38608a1bd68405754fac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d2bf1e466c4404b711d37d1f96b65a5

SHA1
46eff23beb107acd88ea3baacaf41e2aacd89100

SHA256
a231a503802f99606b9999237987c6c1d513743da09273b5f318c67d0d3b6e64

SHA512
aca72a755e4a35af6aab637aa9512aaa4b51ad3eeda158eb48569540aaeee6b291d85a9124a3b5cfe78f70657537ed16f6807ce21a7ada337f08f4fa58ce9187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77d15706a185a794c6bfb2521d6a4b14

SHA1
e829340bed2a9fc6332925a16429bc5ebedc5211

SHA256
39af091f7e8d5ec3ad2a8a78d2e60498ffdfc44c13f02b75feab018d395cbf7b

SHA512
c2c7ba42eaf3e56f462ab51603f90f72eb91436d88df67cd81fd635b804e32f60e0e058707cc74baf43fdb4c4acf66ea2d3218188c3cc957cb6d173138a9c49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3aa6c040dcebac8f2a99ee3b8e5a6ba9

SHA1
43cf85cf66a3f1a9993af9592e50529f31f7769d

SHA256
5f2bdc4626157d6c40a92d5e58084b5f146ca2fcc24c3a7a4182cc60469f6e5d

SHA512
e7e02ddb7ce4cdd5f5c8c50b8551cb0f8a082f7fa563822f8807349e43806b8f5412d1a4e253fa63e9ae7b10304b2991dcc861357b5021f4522bee1cfd5a3049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4d0203357595f067e2056905683b3e2

SHA1
f249520870790d86c125e53340810b8ea10a22f3

SHA256
e9b1e830e438006d7fd39138451194a49a8a238a43bced8786df34290421f6a0

SHA512
bd453d392a844b367a43c05850aa05e926215e9135d3f7864cf843861591ecce7b4ca671085e34941de38077756bc9ce56daf21a74dece4379ab4a7d03cbea0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df3fa9dc6dfae208d8e242dba4f2cdcc

SHA1
d896f0bd502cc346a096066f54eed198827cc701

SHA256
3b6d9fdd2e09bdfbaf693fecd41cd0b79dd6e2d14492e0dc137a97d34ae5c49f

SHA512
d4e3c46b511aacb5d1f23fe39d59c28ceb057b3656e64053d19b969ddd15b79ee7c33d12cae34afecc71d17f11192a32e1933626a3ae15c344c0f66f37f86ab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
31a10c85ad81f8c01b7a0ddb4e737ca1

SHA1
e2af8d71c36a81269b64f3df33d79c4fdc61781e

SHA256
d1f9edeec10396327ded4258c2d7f97711dbb1a5158c1c140d97ce46d33f5a07

SHA512
cdcd08e91554fe689a1e68a59ead481fb45cf0dccbaac4ad8883d28a5ee15c529448ce163d6168dded9f2332fd94091c3a7e337399f4a42cd3a7f6e6ccea8175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4412effd74ee442c6921c5b01c3f45ba

SHA1
054980dc7054a3ec403400aa127779991eb14b99

SHA256
1b7aaca995c260ed6a421e5258fad42a54c8dc2e9eeb5e89ce080511295f0920

SHA512
83fb0addadcbd606cd399904c7a0189f57818f282f4fa429475b07bd61d6dbcddbcd8d03e4543fdee195e57ab1fecd86685216858160a66dfcbe1f1d93d7883e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad01f8648b5b2754474333f043193b64

SHA1
5b14891661f9e9a534bc1c4d628a63467ce996b3

SHA256
951189aa486e1cb426dd41d7f9895f6743aaf9cae73aab83d6d0d1b84b58ae04

SHA512
41ac9a78261d0471eaf183c611878ab039adff9b4cc6883a404f814d8d202e162e95def18c2655a5bbd586afd7f9256adf6547976f44d2a3d9489f4478e47ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e1e60c1ba838b0d654e6997b5e4196f7

SHA1
74aeb2cfc700c72a5c0a30a2915a329d31dae5ce

SHA256
dcbae79e433db04b1d902cc1ba1cb46e76b8d48fdcfd4413238a82cc812321fd

SHA512
680a62b820f35fd6c284a5798a5744497a306cf0dad892421e8cb1b7d80fc0decd916cb72c99c17144ba5e290306dd29251d05c638e7d0b40b4b27cf2e28ece6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit