hxxp://p18[.]gowebbidemo[.]com/mde/upload[.]php/

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://p18.gowebbidemo.com/mde/upload.php/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133233811275478728"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
3052	chrome.exe
3052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 3656	2572	chrome.exe	87
PID 2572 wrote to memory of 3656	2572	chrome.exe	87
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1560	2572	chrome.exe	88
PID 2572 wrote to memory of 1812	2572	chrome.exe	89
PID 2572 wrote to memory of 1812	2572	chrome.exe	89
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90
PID 2572 wrote to memory of 3572	2572	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://p18.gowebbidemo.com/mde/upload.php/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7d6a9758,0x7ffa7d6a9768,0x7ffa7d6a9778
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4868 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5572 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3248 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5680 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3264 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5480 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=952 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4424 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5684 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4876 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 --field-trial-handle=1832,i,13741321115476447771,389923297395683682,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8afdf281-abd6-4068-b649-b1b2d3f899fc.tmp

Filesize
72KB

MD5
8995230e318604f3715c3b8b7f81c540

SHA1
2f12fb3d525f47926069bfca5a22fdd7b12f95aa

SHA256
e601a7b84dd1c149675b1ec15d319d27ca8eebe4390098678dee0e1b466913a0

SHA512
b350daf271cffd326e83dbdc7ef7b53cabe4148144dd77db2e35798082bed6da9fa8b6d8e257a11899e90788b62651d3b502bc3754f713336f3007f3802d1480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
6186a8df2c58ab90037ac23a7c02bf4a

SHA1
4a1c267972403253d703846e4c74e9e7fb0e8ca4

SHA256
e9cff523b2489436201b839a736cee221158bbf9299a4aa87c31f1a178dafd1e

SHA512
a5384d35044ac9c4a1625d5d312ffbc1f5beacedaa9877d887a3b3506e5edfd40ff804fb028ef812ef3e8f4311e24cfd4e01d02c56247952c29a1d75a377ac1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d0d51bb3077377f15a12d68ad4ab4645

SHA1
98027438dbf5d23f1bb9595a06d5080f726be25a

SHA256
57704c9646c2e6441dd06000269a3feb22adaa9d44c10bcb0f506c2ec1d706db

SHA512
39365f12eaaa69fd7245ed5aaf528d6def4fb69d9174265dc5d0f868ecb1b3db18c7c1d85fee240f3bc699cb66588feda4d714e73527506288e10e473c3a589a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
80f9f8b508b811992b6493d058fc3685

SHA1
a1bee22be4d5b45288a463291c0a04b730f6ee72

SHA256
c284ff0a40803e16120a03f9d644e08100964a8d475f29a4635e115398a8ca26

SHA512
32c57cce2282e8869d3a22567ac2080936a15c691ecfd051bc4713a81c43a156521321ffcf9c1c960ecc26e2bf93b0fb6c83ffaa958930b3fd5f2b02b15f559a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
230b85fcca2b31f6ba72d3d217202664

SHA1
c2c01f65b141bfefbda35f51f896aa9b901dae4b

SHA256
f1b8e95a88e578341be21c1273f04ef38cf33b760f1f461db040ffed0cb270b8

SHA512
39097f348ca5ee98fad80cb395d51134c014b655fc76420c0e3e046b322d7f67cf34c7e4d44d181ef0b5a1e891afddeeddb6ffd4fa0472b7421dfe287dcab968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6dbe559f4814f7801f1d78a488e32f61

SHA1
01b01cd6c55e1bf73014422d16b5cdb88f62b7c7

SHA256
0708b7f7eca65a9b1bd959752144a34497b3e4d6b3631d4eaa8aaaf18c199dc7

SHA512
513b96d7feb5984d555b22ba2c77e5f4714ff2526f917231b09e4435018ec67f51d581cb9d7e3ec7494b980acde926ce88dbcc2652d9faafdfb2f9a80dde11f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7085d61bb660f60f26e3865a5723e868

SHA1
7347ae3e28259170e45b9c1ee0e3cd3d4958e77e

SHA256
d376797c9cbaa265e76e1f4acd2494d24d4273bc5118a1e108ceca0473c0fded

SHA512
481e3f1a5675caf10d3db4781c422048e381e96a0a977dbe01ae569bbe521f434a56d85d3f412a6bf771abdd528c1b30ffa755543ddd3ae830670db2f5e54567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3c9e392a4449dd3e081c302343d3d1c0

SHA1
17cfff3b7440c8d70686dc7aab2a325420bb267b

SHA256
33b24d4e1ee298b450c2d2318e8e3b70ff5ccc7677429b7aebea33e23330f426

SHA512
041cb12b02c83a423961958dff4ff816cec269a952420a0b03006413b4920541fd35c64411fc7126297840cfd539a9df5a2b8b3041b471c9a7f3f8bfe1977a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
b46254564447231b0a18a96c84398888

SHA1
aca03aee7057e1f8ef8c78400c3f1281f1b715b6

SHA256
97518ca1dfa3af33cc5be9c940d1ca7401f389d801ac7ed66bda7c1a2af2c45c

SHA512
2c29a50a011a169a6ea834be7c8031388bff7443fa78a52b6ec2f9db1e37a8371c59411723183b40563a5beeb2e91fe4c7a35abdbafb85333e1b80a1b64398a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
914ed488aecc032029b2aa4508114445

SHA1
15bb876a595fc65f0658c48c8ef73c0ba5fb4b5d

SHA256
9c508b13c1f472c9190a48922d829c0115d17cd3b2de2305cc6383f0afbbf33f

SHA512
7b24c6c7e20a8c525189ae9b8d9fd3ecff3fee02110ec4aa8eaf93973e3cf96c486a96d6fdd91c1c691ec3c95bbaa3fa4fe3ef074fc1e2ada4c9703a16cc1ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit