608f6215555c0abc53ef63d692d92c1232f1136069820052fec6e2f142e1b40b

Resubmissions

06/03/2023, 02:29

230306-cykr2aac74 3

06/03/2023, 02:24

06/03/2023, 02:20

06/03/2023, 01:55

19/02/2023, 00:57

Analysis

max time kernel
62s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2023, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1941473524/project.json
Size

450B
MD5

7146ab51e11285afc37ae393a0c8fe85
SHA1

ece6876509c2a9ed0c969488fe46dd889bb813ec
SHA256

10316bb552fdcb631c19485b0219ac02d9c7b2e703d41f62c2a7bbc8ddda0e36
SHA512

19d541a8c3690350ab08b30ffcbef441fd9b3c2b08592d1aa86c1b81dd956f3b5f2900da78c1d293e14e46b55c9ab757ecd59f19547785a4aa4b1999bb58d6f7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133225464934673663"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe
Token: SeShutdownPrivilege	4680	chrome.exe
Token: SeCreatePagefilePrivilege	4680	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2080	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 4700	4680	chrome.exe	96
PID 4680 wrote to memory of 4700	4680	chrome.exe	96
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 2476	4680	chrome.exe	97
PID 4680 wrote to memory of 1336	4680	chrome.exe	98
PID 4680 wrote to memory of 1336	4680	chrome.exe	98
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99
PID 4680 wrote to memory of 1560	4680	chrome.exe	99

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1941473524\project.json
1⤵
- Modifies registry class
PID:1288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb362e9758,0x7ffb362e9768,0x7ffb362e9778
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4856 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4924 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5524 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5264 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6220 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6300 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1832,i,10486432348630627912,6785469277675897016,131072 /prefetch:8
  2⤵
  PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb362e9758,0x7ffb362e9768,0x7ffb362e9778
  2⤵
  PID:4236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1e3fb27c-32b3-475e-bdb9-e58fb56f841f.tmp

Filesize
15KB

MD5
842571152305ca01eaa093c7ad5b8a09

SHA1
a6e31402ceaf5b8b7b20d87d60de8ea215883f91

SHA256
bbfa7a6f40802cc60090de163cbe3188bf60a1686286239624cf4d0e675d6b00

SHA512
b818897ab379e15b04fea18f988a4b577e6267352078418e0fdca182d1c2c97c9a70c018464eaebe2a583351e5f9329bf6daea9533b26519e65c11924ac28f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\765f4dd6-ae40-49bc-85b8-2443811e5ec6.tmp

Filesize
371B

MD5
0bd4f99664f96b46eedbde6408acd94f

SHA1
a4e3343efc41234f81db666c84e0af3d8a858b70

SHA256
054b319b0bdf528d3d46841b89a363663092f2a5db2873f99a2416a7b71759cd

SHA512
ae0c08ebad8180d61fe82579a5b3c14c346e9bf056843723d6133442aff44b7c33d8acd5ecd3d618bb9979e375e32aed221241cac38b670dfd81e01f57e64073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0f4e44a0c64b09217e314abd7a68ff80

SHA1
53baec57f068578ae197c2273aa7b40acf3342f2

SHA256
dbc0bcb09760ecfa2be87804a9fccdc027587b8c706da647636f272a5f3770fd

SHA512
2a02d027ade63b799beec0c3f5ddda86ba6addee990168f6611feed0a11471ca6b0dbe87c7e41066ae02ff8b7f997da94d01cd3d5ae289f1d116996640cec3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d60811d8ed74143d5549e9f09e97ccd

SHA1
130df60640fc4c731ecd62ed6cdbb6d5070b867e

SHA256
8fe1f442c280c5058858996ffa094bd15984892e895d53669252ddffa2d676cb

SHA512
06f65bba9afdd800eeb1bd2e994176a13c3b1edeff7a05f0d79374e0b3e2cf862559ed1aee8c365039a97452638251ad40b621c4e179330f0f5f630ce99a931c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b119085cc3f1f46839a29ba2fc8985a

SHA1
f92872f20f7bd2aa37ea631187c6257c346b32e1

SHA256
be4ccd2901f5b2d8ad6e43c348c5d073a367979c52b6cb79ca0b1a5a1a899b2c

SHA512
70d99b8cba93cacc132f1c71ea70030e9951a621d8d36f9dfd17eb678e6156e42a3a7b56fd9e1d9271240a00a2ad70fe22b330081a21b48c594e2243627f6637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\90f6f79a-b936-4a93-a3ac-b26ad03e0aa7\index-dir\the-real-index

Filesize
72B

MD5
113e4ec43bcce474309fd0bcef19735e

SHA1
6644c85a3fd321b096e04e30c90557886937da74

SHA256
7f23fccff637721539aa8fad54a3584671f0452f6940916e8089d566cefd3b31

SHA512
748e2a5cc9b5e48ef3a0e20c7d72820ccc27bf1687565d5f8ff7e4aebf128aa09dc232b1c71300ec88df1cc46a57904e1cfa09ef0f28a9d6799375b4ffaca12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\90f6f79a-b936-4a93-a3ac-b26ad03e0aa7\index-dir\the-real-index~RFe571d4c.TMP

Filesize
48B

MD5
2addd2437bdc10a5aae2327b50e161df

SHA1
69eb485d9eda757d22d271bcfa0f34eadef47e50

SHA256
7ce5b74d882d93df8a16dbef517fb7d76ea07764e4ce400857366b39e44cc31a

SHA512
82c18c66574dcee50400a48b40859e696c5f078b242e6fcdad7a2e0b118358ce7edc730337c87d8c32d16065664f44389a4cd326ba3f09296f744da737986a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
2c0365bf623b70d0fa76a6fd5fef3da8

SHA1
ac8ccc626db7a662527207b0e5682fee0582abaa

SHA256
c96f1eb0a68d46b82c8458c6be584221fb5efbe7f9edb0d643ec3cf855945c90

SHA512
7b11365dcbdb47bccabee5a9343455c7573e930394a816acefe6706d694c80cf68a4146162664138fa91026da599844888f9707c3e07f02fa7ab09c91e235083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
de98a20b6eb2060cffdb5342aafed42c

SHA1
cf85e11329e0f781b106f83a7632792030cdc212

SHA256
2c747b6b03e5fe079f37bf944ba10ec1dfe53ada14b7a2e1cce7c2ed21f54368

SHA512
394590f5b962a2faff15bf129c82252720bb409352311b1d5dd55fd3bffaaccb0080f2e264be580eeff191b9d5df3bdc8fe4881c384075370da9035eb25d8a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
7eee67a14dbbc2d766d4097c804c6387

SHA1
779373d5dcc8dcc0c02bf46d1da68eca5eec6a8d

SHA256
5f9de3dd066522e187011dc898c5902a24bc9ca02cbfa3294530bc03af8baa60

SHA512
f46a6802e4b892a828efda3cf57bfe3a22295cc3dffadab7c29bc99221f15dead804b6fa2670046ae08792ea46cec100fd33df2fd58242f703779f590c1cfd70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
d2a6e248f185d6731879f739a328533f

SHA1
2fa33ea3b2926c64d7411678f2d2ad96f983da1b

SHA256
e1e8957a00c9aad8015b555fba75c9fd55991053e285f4c860939feee11d1ed9

SHA512
8066f73ddf3fe4d357c73dab7b52c9dd3a7e9afed0207bdfab881dc6b7e5f8661c7521b71e2627843a619dcb72da533487f462a0d291b4d3804bf2ecfdc44525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574d74.TMP

Filesize
96KB

MD5
8fda727669cbb987fa1c6c214e6d7801

SHA1
9a812f07f1bbacaa8ef26cd745c278cf84859dc5

SHA256
ba2943d16db065f9c5b04cf4e27c53727c50ec5f9356f81c448edbf092f349cb

SHA512
6698016f85ebf8d3cf48ef34f28159e47d7fbb56a996436d80974972cabb2d44234611d13d982dee38bd4f59ea558a0e751cc507b704eacf6100cb4e58bf41ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2476-141-0x00007FFB540F0000-0x00007FFB540F1000-memory.dmp

Filesize
4KB

Download
memory/4404-170-0x00007FFB539C0000-0x00007FFB539C1000-memory.dmp

Filesize
4KB

Download
memory/4404-172-0x00007FFB52D30000-0x00007FFB52D31000-memory.dmp

Filesize
4KB

Download