283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

Analysis

max time kernel
299s
max time network
304s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
12-11-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WannaCrypt0r.zip
Size

3.3MB
MD5

e58fdd8b0ce47bcb8ffd89f4499d186d
SHA1

b7e2334ac6e1ad75e3744661bb590a2d1da98b03
SHA256

283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
SHA512

95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
SSDEEP

49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758791675906925"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4880 chrome.exe
4880 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

3452 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4880 chrome.exe
4880 chrome.exe
4880 chrome.exe
4880 chrome.exe
4880 chrome.exe
4880 chrome.exe
4880 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	3452	7zFM.exe
Token: 35	3452	7zFM.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

7zFM.exechrome.exe

pid	process
3452	7zFM.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4880 wrote to memory of 2072	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 2072	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4392	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 3852	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 3852	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe
PID 4880 wrote to memory of 4748	4880	chrome.exe	chrome.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\WannaCrypt0r.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff795fcc40,0x7fff795fcc4c,0x7fff795fcc58
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4332,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5004,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5148,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3220,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3476,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3348,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,5269348058386505597,5868237871324632915,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:3020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c7a4e869f732ec660468d50d3aa15f11

SHA1
0a193c1aa326754f3b9a47dacbbd852245c484f8

SHA256
daee8f4c1fdcdb5cbd9fe7aed06f0bbc023f0cd8b24c297a540ba3cf4885725e

SHA512
86d52869028eae67c96d02694aa27c6f6bec0488d549ef2749d0a9ea196421c5f3bda586c7cc7c13ab1943ddcaf8f20ccff86357be12e57733f67f2a46a6bb0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
f85da43a4e79d625455fde285acba039

SHA1
4c2465f44085f19e560d931f1f9f8d3585b8e1d8

SHA256
a46122b2f942ce3b7d7434c746a813f674c717a5cb47f87f9c4e5637a87a4faa

SHA512
fcf9023b94d8c8a2197c5ed88c72bd8a6681427c2bf1ab7df8c1b781ef1495c0e871ed552d44952223fdd3864b1875bd64ac915433a205cffd5c3f6cec6bb677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
03261f33ded9f5adceb5a36b81f3f727

SHA1
b14097f75ff18f1226872c72735363667a09c5fc

SHA256
e27e91b5ee81dfa89c7044df1f8ac5ab0b6a955aa9b5a6eeaa8d39d5b2e5f4d6

SHA512
804ae03d3198f4c8307b96911d0d3d451a30f7843a654f841f8f9108c4e8597c4e90b179e81af88498e7fcb8b76f12e714201545c767dd8393b34ca2d35c03d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
36c00d24e276ae8e2d9ee05a7e35c5b8

SHA1
53a9d0a9056de103a9c095a4e04e99af4369854f

SHA256
812436d7ce7a1f7625257165e27072fae7b521cb5d465549940cdd7653a6d85b

SHA512
2947d99e160880b6bca65ec5485a1789fe298f914800c4113696d8325676c93d37078d9e6e9b444b1f29d8e254da431a90d52085ebe2bf0470f40b48bea17c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3257170c66cf17ba5ce5677e26519664

SHA1
fcff5a8094e3769ddba578dd84ba31a0ab57b976

SHA256
889fa2fa369760042297eec03720780891d9966df879d9d100dadd7bbc9c805c

SHA512
4531ae914d1ead586b7e09fa7c1772ec426df41f73fa20d6c91a55a4a9e15d20703b9844951ae10a26091b1bcefb8d151c3e2e072c1c5b6d35bd264e71636b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
be53ba1f8544a040bfd02a93567893f1

SHA1
6fa29cc00d8f29278eb6c769f41907c80f9fabc1

SHA256
9502e8b1e65abcd7feaa6736917cccfc1ede51f750318fcb16d0706598f7f869

SHA512
e3b46d7da7066f6f4650acb1e8a5ac35e8ec82cdfd3cbcf0453023a0527fe19c59a6a96a2cff1c67adc189fabc198d9f76b2cef6f263f234497816cd51954ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23647a17310135f4999df03bc52fde43

SHA1
3c1665b5706e71fae47253d758cc02b1e188bc07

SHA256
1b4b90b9a6ca2c9a2c9e0290f4c11fec9ad30f5f26b1b313026e3ef379ee568f

SHA512
2777c9f00ef9be3cbc51d2083739162052198e34d560894a983e760c4e5bbb53f2c49aa2dd0dd7cef1c7c51a402596858629718ca5cb179b33cb8ca5e6819628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2fdc11ab1d8851a53ade15a08436a9c

SHA1
1a6ab3ce3565aeee5a153c310a8aeb4e0c06ad93

SHA256
cfdb6ad6b40700e538db4aff628b63c97442edd8957309dbd7c3b606f39f2cb3

SHA512
93533e675d06175d8aad730c1f13da7d164494007724c2bdd0df9ca74992b5fbaa2bf16b2595d8875461868f39566d9d059ff611db565495cc6b862fd528d456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
17336fae2827b8b07c1a20d3a69b7f5d

SHA1
232882e0047f4036271c1e82bee17985d2aba976

SHA256
5ea59fc0296f19ee08f4d82e4a4546f1201c83dd8ed519641088c62af2f1c528

SHA512
a85e182d95ceae3926fa2fb98c60513057e434b803cb499947270e2bed8956953838e87707c3d469b45b11b2fd38f59c4eccf2797a0454e5d111b69c5a4ed1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9500edf9ea841eca93944c8a6260ab0d

SHA1
0d7aa46cf7797b0f4128b91a4801ed91aa07b415

SHA256
4e9b741f5ed287f10a6be46e75024999be6944487c01b8b7d6fd8e720514a144

SHA512
9b74ed56091e52ae0e97d931a14d07884d13704e3a174e67ed4e5bb166f2395a6f9de2884ce30ce91fc8f80a6a4f53bd1333b92ebeb6bfa4960d34ee7a041063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0638aa18f6a9999617917ca983ee8a5

SHA1
4977b81e68f3e85cbe15516c8da8d87fee632ae8

SHA256
7a4aebe86fc9c34dc8aa8ba7b89049057ac1b71b648b19f8df63501329f58030

SHA512
32530536c0821224797dbe9acdb280173b004b47e380e0b223d93800130ca18286124c799c8d39385a39960e99527be8b3b242c03c77c498427c02d28fb55481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5c5adac3fa73264a721e1ce561eddaee

SHA1
93cefd3a90058970d7d32880c77b012341b41fe3

SHA256
c3e0c06a8b3d90600e92e2f387c35155e33afece14b32d7874777c8332650286

SHA512
60c7cc258cff6f2bb4a400b3e3269502335ae03356df0569bb640bd707e2753c1f697ee0c6f4bbec1d7d13bae360625e9c2079a815493d60b99194595594f804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
903a4019a35735963e62d7f14b489836

SHA1
4e6c9578cfcd77cf22d02a1bd795f6eb303e57f2

SHA256
92c5295b4fa1b552f5db301bdaac318ee1ba53f1ca192b59872b58b429153443

SHA512
4f8e04b8d305275f6d301cfc4d5f7b1781ef7b362102f4fada872c3c3a0162cd572c8d66246370ff3174f0b9373f810dba2f947ea1736372f02e9e6ad260d848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
9fac35f864f7ec8cfb2c744d382b424b

SHA1
bdc8b88d2b0473a74989e0884ef0aea10200ae28

SHA256
050471eeb8904087c71480d183b6d1ab0bfadcdb441a608c6c2aef730868a3c2

SHA512
7e918efb6f8d25ea15ceacf033916c65fa2c7d50b4e49e58439a6e3bf84b81a266e19ed795800ab4c21367243b7efcc5d91322553ce8d6af1313078c7d98d225

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4880_UWOAGIEKMZQKPJFM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit