hxxps://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link[.]translate[.]goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#alfred[.]sidaros@ch[.]abb[.]com

Analysis

max time kernel
76s
max time network
76s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24-03-2023 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133241388679574633"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4100 chrome.exe
4100 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4100 wrote to memory of 3712	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3712	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2080	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3556	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3556	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 2432	4100	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa2d959758,0x7ffa2d959768,0x7ffa2d959778
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:2
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5140 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4996 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5712 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5860 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5676 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4504 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5616 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5924 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:8
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4596 --field-trial-handle=1664,i,17810822098762235820,15143912510481029603,131072 /prefetch:1
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
65001bc6cac37796fb156c23afa595f1

SHA1
47d3735527fbe317824f33304112bbb534e672d8

SHA256
2f257650b18ef0debe01ad1bd2925b523ec28a2648288a37924e57f64f233b11

SHA512
cefcd68f71264d9378ac924be96b33f58eb908020797dbbb64bcbc62fb444eeeb77642335b65324c9307df6d973b750ced1528a1f316af0b30d644e01cbbb15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
74744d9e3dd13d1b6ee2999f9d414762

SHA1
022806f23245c4ae3b386a3de5c8a333560c3575

SHA256
f1773f74864ca99be6a36c748160744e67b816f7d19d145664cf1f0b7c1ebce0

SHA512
e5a0fb50b4e56b1680de7de22c3f6f5f97825dc88c7b26492ddddc0504a5d584e50e79fbd44d9836961b893b0ae461e761a8035860651384911499dd2c86ac1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
fc5c5fe92d32945a3ea8f4212599b118

SHA1
9a7c2e6947e738354a5ef87f074982abbd57955a

SHA256
1ec8a454b1f946956c5bbda9c37ad11a3510b48d590d8f66f82ce51ac1607b81

SHA512
357bd8c8867d46200abe8294390cd45a60779701cbdce292aa3b8c0aff232111d7bcc7a414a1ee4fde09a3ba2a27face38195c4a2b9314e3814a2a15d1005ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
4677e9ff6db4715f7566d63363b0cbf6

SHA1
56f4f4ce6bdad666793af3483cfdcab385b879bd

SHA256
a767ae627bc6e5a6444376f09b42cf91e90b3fe35537f53f3beef0908327b58e

SHA512
0dc73effbeecf07e0d86a5722b9596bebf5a346f5b19c57ab343116669109bc2b2545418532a57ad1021428e9b5a5ae1b7d684fac51e5bc712ac62de15fc7090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
2c52cc6a173029cbf60818a194c58158

SHA1
f52b2060e2b470dc0c182b5576d618eb455b0653

SHA256
f98fc8c337673aadf14ad2e9d660bf5a83c53b7cfb85a76de282cd57e1129537

SHA512
af4c824133ebd6fa86c4af3d414452719e9fe8c2b8d0e153972442f2a104ac4566b6ea66869ab6db593e69f39073d5a5261abdbb5681faf1c63bde5cae92a569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a2e57b26b6f1a4da616a911bfbbd1cc7

SHA1
86c24e22cae43148b7d2d448ebc585182ebcab6e

SHA256
40b40451e5d1a035055c380229006df2d318968702bae9f8953168d7528466eb

SHA512
5f305a08ccc59f3719fd15d84fd4e93d3cc1ccc5bdd59617ac520ad6a4641fc2cfaa0dea005530aeaa45c7d2802a0fa00c182aaa4c26f61e4541acd035c6c4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
26b5c9b9c0b8212596274a6dff91717c

SHA1
a7c3711859dd41ea68cd5e018a88810dae895638

SHA256
9edb196e24db7f79fd4baf8996585cf1fd16c6cd48322d63eefbbaec787cff64

SHA512
59274955b34f563822cee5b41f6352e64708ac9b9882cefafc17495d01b6e302ba474f99d72c7d564f6c1f5e5721cbc659e6e3800492164d63b6120ebd291f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9637d696364fa991c87368da4e875d8e

SHA1
afdd43efc23ca0d50c613ec99c91ed4a89fc8c57

SHA256
f34679916eeb9b4b80b0e302ce83f152530a7fcdce8869108b33d52870f154a5

SHA512
a3499a89883e3b3d3ab3b68c71bec92fbce660b9889a7cf1c85e8508b64e6a55d5065fc70690aae36f76372aaac11d239d3253fb3ddca48b6140ea6f962feb28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
702df83a5bc8cbe76cc50fc6a6b4731a

SHA1
bf86daffb8cdaac1b480c20cbdd45313df10eee1

SHA256
0a1a3aa254ae9677b312f455f771916c36abc08fd66db177051500826406aee4

SHA512
e042553584d9c28134aded80f02cdfdaaf07f42884b928f59741c875b8cb0b7dcf68b6dee5026a54959e268fa47b100fd48bfd1c3b38a75a6ae61e3c7a535a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
053db5b5fed00678922e803536e943da

SHA1
a88e9f0992175215cb53bd0878bb4cb240332093

SHA256
64327fde9ac26a45329a311607994ed7859eec372b65e4f29abfdd1bbb7b55ae

SHA512
0e7d55fa992886de272b67be4325809e4d6656a4e44eccdf889b5b8ef7851511e49abc423cd2765a327b052040c24aed403eefb39f0f4c6cef100735e9cb70e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe570b79.TMP
Filesize
48B

MD5
b2acc6f1a9daf36dd28defe2b665b819

SHA1
b4e8b18b6c90f825e7abf4c56d5706507d740d13

SHA256
e7887a0e0fe7250e6abe3b6e911e83ea6306cc47db7010fc9dca232150a3f588

SHA512
59b09ab5eb29c80cc9c4da24b03932b7e370cdeb6d7db78bb2bb797e3d4b14011d344a3237c03681ce632c3f0d83272294f4769dbd2f5c6b65a83d2d844161a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
437b8424022b76371ee85dc65b663ed2

SHA1
33b961d0f82c40fd0bbea13b0280c1ffb1df60e8

SHA256
f043914933b791d1ffa6cf5dc419c03c9deb9ddbbf5b4a2db9c198aed73433e9

SHA512
613ccc84fa7e59c659f85c23dccb20895f608c0c4ca193ae72d7a70b4e4be687aa6de6d6350748a3700fb8c5e757776757e8c27223d90de6e0da6430e2cd67fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
c7da57d848fb898601333426c3c37bc3

SHA1
5224fa4708b5a6b022166d40550aa20fc877cabf

SHA256
1726099e281dda67d8d8405b0532b29103944318c0189154c5b138ab03c003b2

SHA512
e68e8289193a3b31046c25c13ded0e334bd20b1715a5a219476142b583984e28fc8fba9640763c827b24f00c9cbf5bb212f5c999440ce4c456173f3214ff3bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
eef226b3c388193d6e61ccc0291ced7a

SHA1
9b469eead1c73c7abf4d8a41a15c46c517671f6c

SHA256
c6a226e65e4fa456169dfea295e38ba900706259a24a5d6ab1ebd40e0c9c46ac

SHA512
e85138413b60be602c5401940b75777724c93f2830b4d2d1f6c7bd65cc98dda72460e03b01e90c26d1174ee9e8b58a4ec8ac17e974a954697f6e1cd7f7e09ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
657858763fa8b2806906bf1102c1f75e

SHA1
95942cb2d19d372e292c28396533739c6987cf1d

SHA256
230195106eaccfa14614220666e19209109985124a1c1305b6f40137cbc57fd7

SHA512
083075bbc4440e69ff330f4b43a494751c8395603527bbdc72dd0a2c4c99e5ecaded9ef572fdd57f30c230224937727937cffdd4ebf4cf9a6afb5fea1a8c6ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56ed33.TMP
Filesize
98KB

MD5
1e00475cc14083f8a7540c4b1dd31835

SHA1
88d54479a7c22e69d2b735e4f0e36ce5dbbafb39

SHA256
ec4fabf672c6eb5331af86321ba73497a11f523016485351a66c325555a3a338

SHA512
99434b643dfa782c26b6505efb3cc638c2771a461d88316f9e3b76eb4f2c88183e71e18bef9f7d487d7f557ae12db0b41b1f01ca302f2d1a084a6385aca2b434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4100_TPLTZOLGFITUDEYX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit