hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbllaU1FSMnJWZnA0THJLYjhqdzJhZ1NSLVRPZ3xBQ3Jtc0tsQmVMcUllWVdtXzRiMUdDeGg4MXQxM0xaT2tWaHhGS29NUW1HOENndV9oSlduRDdTcHVWNDF2ZUNwMWRFQzJsMjBOaTJLTVNCZUEyOTdsal91dE9sdDlxU0Y2NFZ0MGRDb3BJN3FyVmgyakc0RDAxZw&q=https%3A%2F%2Ftelegra[.]ph%2FMega-Hack-V71-03-14&v=yUUSpUapcPc

Resubmissions

23/03/2023, 17:02

230323-vkk5raha57 10

23/03/2023, 17:00

230323-vh1gnaha48 1

Analysis

max time kernel
107s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
23/03/2023, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbllaU1FSMnJWZnA0THJLYjhqdzJhZ1NSLVRPZ3xBQ3Jtc0tsQmVMcUllWVdtXzRiMUdDeGg4MXQxM0xaT2tWaHhGS29NUW1HOENndV9oSlduRDdTcHVWNDF2ZUNwMWRFQzJsMjBOaTJLTVNCZUEyOTdsal91dE9sdDlxU0Y2NFZ0MGRDb3BJN3FyVmgyakc0RDAxZw&q=https%3A%2F%2Ftelegra.ph%2FMega-Hack-V71-03-14&v=yUUSpUapcPc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240680323995687"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 2108	3416	chrome.exe	83
PID 3416 wrote to memory of 2108	3416	chrome.exe	83
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 1208	3416	chrome.exe	84
PID 3416 wrote to memory of 2364	3416	chrome.exe	85
PID 3416 wrote to memory of 2364	3416	chrome.exe	85
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86
PID 3416 wrote to memory of 2532	3416	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbllaU1FSMnJWZnA0THJLYjhqdzJhZ1NSLVRPZ3xBQ3Jtc0tsQmVMcUllWVdtXzRiMUdDeGg4MXQxM0xaT2tWaHhGS29NUW1HOENndV9oSlduRDdTcHVWNDF2ZUNwMWRFQzJsMjBOaTJLTVNCZUEyOTdsal91dE9sdDlxU0Y2NFZ0MGRDb3BJN3FyVmgyakc0RDAxZw&q=https%3A%2F%2Ftelegra.ph%2FMega-Hack-V71-03-14&v=yUUSpUapcPc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffcfb6b9758,0x7ffcfb6b9768,0x7ffcfb6b9778
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1652 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3380 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5184 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5612 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5772 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5908 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6408 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6592 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5572 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 --field-trial-handle=1808,i,5000597052526544814,6082717702082806796,131072 /prefetch:8
  2⤵
  PID:1840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ed2112b027d1c70e351b2d58b65b788

SHA1
e1792b4b132e6d00e06a325a0ba219e4f3d344ad

SHA256
4348a21649a05f81a538bdb57775f03d157b1b95fccb57984c50e1f50c011fb6

SHA512
0cc1fe4024afb906dfc99d14168ef0e18496314ccb521d66c00a21c6ca27c96741cc5d383d7e08ea17a8d22c118170cd3575356496eebbaab4b6e8e672e8c3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
18c45d52fd70c4d19f7f9a996ae95955

SHA1
9da38272fff6e378132ccabf227626f669200e6e

SHA256
2e258b2aab221eb5b14c12c84a2ae8a1d2e74a83e382649be1b6c3b163a8ddc9

SHA512
311931af808f1e569132259f65e682afca5c962163cdf3beecfad8af84f5014d0bcd7734d907b62c75c133718d21df723561bc88e2ab28b312af1456b1ba1104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b2f0e316031af2522a98e9ea6b858364

SHA1
7d72308cc90b2b89238d3e91a08d4e0679853982

SHA256
e0d0ee89c804ca284e9b1e94d0bf830f85f740ce5a0376caeae0ad2aefe8781e

SHA512
55c1a6e42e2e7fffd82e7a891d50eded17e4721447009133f907d609ed6052b2a4fae7256a94f0b7c328bb86d081e8d6c90d529a842a8ac3f724d82b19fa8deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e1e57fd8501ede0c7b789f7a365b4344

SHA1
cf6a6aa6c1bd045fb4aebeb3313648506bf38ac8

SHA256
9f955a1a8fe653be169db16b89c27929c35be0950f44503c6f8cac8037503fca

SHA512
e3421a451435254c0eda85ce752afce5e68b01558e61b2bf61df88a46bca75280fa5612fcf9cf46211cad56eead4661443dafd66421bc0d4433d4a30e08d6bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9d17aa37ac5e20e1354feafbd95d3f93

SHA1
46e0f77330b6169c4bdca440a55b0cd6cd03399e

SHA256
bd07c19971ae02eaade8fbccdc6f3af7d5350507347f0f8aa1fe6e29cbb3b225

SHA512
0a3cf93ba6d3a85ffa6fe7d306a104db632c5e51994b33f3bb095e57c8d5075a1929b6f26425b15911a4d4e9d7e0c98aa5ce65daf24f82ee496aec43a37b1596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03cdfa32ed8cdd098921299d20b80d86

SHA1
0dbe2eade820221304ba1e71e8e8b768e34c17d6

SHA256
af287869106dfad844e7bac4e3a4b0c5ce125fe8717dde3801a98a0696e8f99e

SHA512
dc1838348512b463fb69ca60a876c58511cc0579378eb72a7d9661b41a89e1345cba584e8a0bb12d0d3a99ba1964cdf2f879ab6d8c77ac58581b21f1569cbfc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
27177b0a9cb8ba7bb1ecedd21b05a3c7

SHA1
e77b958b0dd790f754221ee2ec853bf309ca0d91

SHA256
58246a7f8fcf480fecf9e4f0f0ffb4d325c0f176bbab1374f595253265bc924f

SHA512
9fa337df6f8b0136251877567494958c13cff0e97140543dcf74343adb612b3651ae8ac252379cbf4cf9c6c70c84cf523cc832f732ae675b2063a3c62a9d50e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
32ba04735c75011ed1ca5e55b8d182b8

SHA1
e6ac6e786d5b44e76b137323846aa75e4be5d9a4

SHA256
453a36e1fb1f3dda2ed26242f1c5f3dabed2e583056c3802bba87050a82d10e1

SHA512
6e707ee7979e4a05fca9057aa1b60f56e187f0cd9603007306b3fe8ea7617d6c27a1785ceedbc55806ec31d1db0a77fc3f3fc231cbca87b3818d4d2e91a7df8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
893d5515e618ec807c3617607ea15425

SHA1
ba639a62e3ecb23acd889b754be66cb55fc67d84

SHA256
63ffd4f437c26584cfae734b8ee435a997ff10540d1d38d0196fe729994dae70

SHA512
238b53032b58770434d07090bdb88173fc60be0dfe54a1e246e719435df558b414536a1f1201608364fb6820624a40e0cd3a836eae9dd23e9ff10b7712029ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
b7e8e0c6b914578cbe0b5c621c52d06c

SHA1
8193c3f2e8a525d5d2662525f3efb12d59c59df2

SHA256
b50e604df9172ae20a43bfb3362a22dbeb48c11e45d000cc33447268a52722db

SHA512
676ee3648011522340a0bdd46cc0eaded35524461588b4bf76e49a1c6c27f7a9884cc3cf7e318f0c60405165fddb55f6c4ebf6259e88776f4c8591f49c4fbf92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
f473b9943078a0dbd8e301ffaabe00a7

SHA1
c9148c11e80e6740058c7e72b95b08e07e0c6d55

SHA256
dcf7c4ff8154dc55b88e030b6c0622b9a04ca6ab2befac2e4ad4530f7f906e7d

SHA512
f57d1345787bb5f22a6525fe7a8825b067e9974035d47172dd2c4d2279b3f040800ba43f220b7305bf0d65f5aee433de5df0106db4c0030e9c099d866aa01c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
c6b2a62ebd775a93ea3749d72dcd5bdc

SHA1
fde94ff90ba2313e450a181709aed31d65d7bded

SHA256
0813fdefdf9eb5ee48441748d0ebfcab9ce62fc39555e4850a611e694b938f59

SHA512
084e80fc00496a553546ba3c76cabe979538a646265a8c8dbdfda1658f8c88182d80280d8cb236983e709b6efb1995e4e8dcdd3c76ea46437cfca128ddce60d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
db7eaa024b01b35203d13a31aaa408e3

SHA1
f342e34624d2670691e330b7a02a2748e097977a

SHA256
6757ad43164c4f159afd50a7972b68e66ed416b858a63ee74b1dc60bf4b6f092

SHA512
27c172e61c299b8cfb4410508cc7701b3bb9eb90fdb4e13ce918b723ba862189d3b4ac4e17126b98aceb88a13829c3100e519c4001d71184b96719538cf52956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57a587.TMP

Filesize
110KB

MD5
7650d460a87159f2bbaa3ae78af663ee

SHA1
13522d6b74c133dfb5e6e0bf5e1981bdbeef5074

SHA256
27fc9f1e666321d2921839ebc9205a0f59b5fcf11d96844bc16e2c68fc94e9bc

SHA512
be5212de15d6b2e76c68c0183255145f006b6aab428fd3d8f20d7c3c46b1c8c06f5756cc461f39ed5b84282376c47d70991980ba7e5393a430406fc252078052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit