hxxps://selenderhpamujiggycareers[.]com/assge/8a41cc5[.]php

Resubmissions

13/03/2023, 07:09

230313-hy9n2sba2w 1

13/03/2023, 05:48

13/03/2023, 04:59

13/03/2023, 04:53

13/03/2023, 03:33

13/03/2023, 03:22

Analysis

max time kernel
600s
max time network
508s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2023, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://selenderhpamujiggycareers.com/assge/8a41cc5.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231556420774997"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1384	2372	chrome.exe	85
PID 2372 wrote to memory of 1384	2372	chrome.exe	85
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2648	2372	chrome.exe	86
PID 2372 wrote to memory of 2324	2372	chrome.exe	87
PID 2372 wrote to memory of 2324	2372	chrome.exe	87
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88
PID 2372 wrote to memory of 3904	2372	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://selenderhpamujiggycareers.com/assge/8a41cc5.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb73279758,0x7ffb73279768,0x7ffb73279778
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1796 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3288 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4788 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3412 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3508 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3284 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5132 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1148 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1764 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5360 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3468 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1832,i,2908048997312693022,3681303400290027117,131072 /prefetch:8
  2⤵
  PID:2696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\11030d29-3360-41e6-94a1-abf8c9c6cd94.tmp

Filesize
144KB

MD5
25879e7d9da57c62812067e7546cb1a5

SHA1
c592b1bffbebf4361253c80970c77ba92be06410

SHA256
d6e99c54277197b366e2e3129c9b708c8988727d042a07ba3f58a1169fc61970

SHA512
b2609ee95e2064a0b063e222c0709a500531f4e2702c9b482760346fedf24220c7787896498424a53b3cf0354d241818bff4c98b87e0ca281843127186595e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
07470a69807fe76e0e7aa0f7838bf0f6

SHA1
6d6a733343edf986db73675fc113395f642945b2

SHA256
db82b65c9262e4cbbb0766314184f37f29b5c07f155621f93fadea964cd4adde

SHA512
b7efdfdfb06c1cfe327a7318d6b8db5f516e03be6366e38a2e591ea96f75a639bfca012a37cb9d14a48960cf8f09b80d8806f1e1d295cb8e600d1243b3421347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6700c62deb72221e3f429e08316f8f1b

SHA1
9ea783fb1100b12605c2daa9006407d2987197aa

SHA256
0ce85eee494bdd9a3986189c9afedb7e2f2e170686df5ccc300e0ffb39c7114c

SHA512
6f7fcee2e000b154a3ba154e0d6ccc4911393021ef84b3152ebdb56fd9fd98818dc52fcd5164552700df7d4c9fc419a00c34fa9b11bf5581c89d3b21b98e493a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
21d8bb30d450b2cee5f95e9454d34963

SHA1
8b18137096051a53a69b58bbaedfb3b8d14b587f

SHA256
6de1d26ab69160dcbf29ec940132b5ff51e6c85f1a9bbcbf83ed4d175044ceb5

SHA512
85175a0cefd5b4efb0da8f2f9bf85e678345b8153072b00199de869e728a49c62366407ce522caf6fcd4b565df78d755d2b977f8641d897e451858608df5ac78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
b32faa6693dd7fcc562c4ae27943bd7c

SHA1
28ed1e1dbf984b887190158fdc22c522702355c4

SHA256
775dea944a0383289b740be198f48ac7ae0e40c8940b541fed61c73111d0a63a

SHA512
52099fdeed6518c1c11c5c9cd381abacb3c2fac79bc91feba7df078d645bdbc67dbdb211aa26019713caccc30d1141dee3ba62e5c2edfff697d7230e48eab584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d456ce6230445bc798582004375a857

SHA1
4e8d7e9ebeb7dc308ca08425f9c41d4354aecb2c

SHA256
715d311b600e4ac84b7c267a96b5de15d81e5e8c97d2d8c0b6719e120dea9edf

SHA512
f249f65b843e7730409e814d8d76dec2cf30ecb6bd9e8cb576fb2cf5db746529cb555c4283450f0f8c0287a2569f7b68960309ce0adef4884eaef2c87295e2c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54bbca555b47f7e9471430211377b058

SHA1
39148e37a58b63bf749c6b586900aba67fc97dc8

SHA256
52c6622a24f9c4f69178d31f34c04e99096870a7b9814263e7c0ef32b39731aa

SHA512
4ca871ddc1c070f1f8a4617c0f0dbfff60d23b4bebe54959393550d2a4a536cb79bcc66084bead0e1c99081fc493d44d94bb2883b111d32b8983246d07133e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c7bc1d4fc5a1a9b44e817f38676df2b

SHA1
a1d510f5d239a45f2475009dfc72d24a189c099d

SHA256
f8856f72c8347d797d236346af6f5190ce45bc1d67eb0af9513522c2efc72fb4

SHA512
86f706fc91c7dc6d88265a08c621b21a512e67f33f9bd34fb4f7d5191aaba7fb4c8bca2fa61f5bcba4da149667be52565bb5aa9ec04d53eaf9c016e0769e5720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ad0363640a26d3ee67e3eb3e0eef345

SHA1
30164967e57e7b5c3173cefbd7845dd0798b2aa3

SHA256
b96d7c11a8a877ce7e3016924c0ef06e8bb4eb058e3a5e1ce923b7c646790b0e

SHA512
2b6fcc11594464bf4aac8a104010cc5a4886ff608b37a0fbf183a147293b60b65ec7d424edbd045bf4063c2cf1476c6d42cbcbbb75cf24221340bad6f6ff219a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73b2489ef077003df6b93b8ea0a43f3b

SHA1
dde4ff0b1cb631b7a186b20fc9592b13b2aecf41

SHA256
6021b5d6d9243046a6499c0a6ceef3b84abaffc341d245fa60aa2710d5ab2367

SHA512
83c19f2ecbe5b1059bad81fb6a5e66eb8b1d2eacaa49133a4945fa70f243b9fc2594fbc181d8a505ce37b9754897b64cffa088b84d29bc952b8bd8cf8bac1176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83048cfbd389ca1cffae67afe3562993

SHA1
97cfc8e13a7131f6554ae3f005d6e3965f885d02

SHA256
b26e41be028b41c9ca663e0998cd21a6885ed7fd2ed4ef739a3a93cf32b33929

SHA512
95757dcc107f3dc3116814abf0b32dac294c5443341500eb397d7612eb0b789b8ec558973e21cf4426b8f5f34aee9afce9c108d8d27037e05710ac9080f7f00b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c5a1d55f0151b10f10932d4ed45819a

SHA1
330f8e9c26c27c0c1918c4ca46528fae00059d7b

SHA256
29404fbdbca4fb40f723990390d6bfe77db8c3fcce2c98703f708c69972f52ca

SHA512
81a5f8a03bed437598d81088cd86e1631c15bad4404e1913854bb066855e1af6bc1e2bdd38c21569053983da76c903cd3b8dfc9ad76c1bf3cdc3bf002b13faaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c6aed5032d35942083b6dc20dca830c

SHA1
94fe63bfc7e1bff866d3fb5843729f09be299109

SHA256
88027ddf04c00b59becf67e1a920dc82c43a343af67ff7d6b60887a4086fdbcd

SHA512
435ed7dd5a3350a2d1cab97fb4d106276c8ba55fc30c3ed8962992cd69b0030aa08aa65ce64b83025d7c9facae593651eed901a70832dedabeddd0c52a1fa7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8c9e8e84fdd366d59bd5a28e0105e8f8

SHA1
741a1b9171ac680c7dbae9f6891c72af8ad659c0

SHA256
03f76e59e2c36ae0157b626c34e3f4cda09864c5c5d7beaa18a36615c48f2032

SHA512
80a285caca6f7516b9ea8aa9c116967aea499fa4c68f1f74c53cd78efe3067ddbd1b69c59ff140a6f3734e1fd9914fa157d4a181a8ab6fe30fdca0bf04773131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
98670015f5f6536a572d6f408b9be425

SHA1
1632586b16d7eabfe208fd2e0f39456522003515

SHA256
0a8af3141c8f01eb15b9ea3a67f446472d7be2a7b4831c06fd783589161d2b19

SHA512
e731b87e9fbd5140951a5381d007f3dda6f5b14d073fbf7e8db4c7eafa4b42611391038d809e47d916eb9dad39fafdfd8a6f3d01328f8b80fb7ff8607edf4ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
84adef48f7ab5ecbd3d52afd6cc0d4fb

SHA1
b39d9cfd8f29e0957d33c7eeb84c55d137708267

SHA256
7aa8d97a353664d3dbfbe6be33d30d90779e9253a526d05224472d5df5f5bace

SHA512
6da4c84f38c80ef0ffa62e7b7943f1564cff214b0a3018bbb9c178cd3df9e842dbd63a4b33d93a6c770e55a88f878e02a9d18f739d9643b5db628484534fe713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
dd5393a2fbf2af1e5ddc1ed27e5a0140

SHA1
a0ae0c5d44b0c1f6ddbbc6005a90c687ff4bca0b

SHA256
cda1cc70057508ebe9e4cbe7932ceb420dda3d5941b63644d21fbd69f9f81c3d

SHA512
62326319d6bbcc3eadd192b4bdf81c3a20722c128a80983a7239d29ed2b432e24680a54d3c2b5ddcbe3a8e5817907eb1e0244e5dd0991a7641bf3c7c138f8799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
dbf9e6a9c02d5ebe8d76f28356b1d3a2

SHA1
4c4408b243d4e1d9c46f24b7fe2ea36b3d2f49bd

SHA256
68648205443b326aa1de012931f59d309e861e2a5ec566c9bb67ce914bce0195

SHA512
4fbfb5749b38f761035dfc4ebd576428f5237893029e98434a7ad0a95ca2ee6db6914a0d7c6fa16e32217d739c7d82d5bba2a913be6a41b18cc8be484d6d3112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit