hxxp://ec2-15-228-193-140[.]sa-east-1[.]compute[.]amazonaws[.]com/?hash=YXF1aW50YW5pbGxhQHNhdmFsLmNs

Analysis

max time kernel
165s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
24-03-2023 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ec2-15-228-193-140.sa-east-1.compute.amazonaws.com/?hash=YXF1aW50YW5pbGxhQHNhdmFsLmNs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133241435482598090"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1088 chrome.exe
1088 chrome.exe
4392 chrome.exe
4392 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1088 chrome.exe
1088 chrome.exe
1088 chrome.exe
1088 chrome.exe
1088 chrome.exe
1088 chrome.exe
1088 chrome.exe
1088 chrome.exe
1088 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe
Token: SeShutdownPrivilege	1088	chrome.exe
Token: SeCreatePagefilePrivilege	1088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe
1088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1088 wrote to memory of 1900	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 1900	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 4512	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 5060	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 5060	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe
PID 1088 wrote to memory of 3804	1088	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://ec2-15-228-193-140.sa-east-1.compute.amazonaws.com/?hash=YXF1aW50YW5pbGxhQHNhdmFsLmNs
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b06d9758,0x7ff8b06d9768,0x7ff8b06d9778
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:2
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2780 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=952 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4744 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3476 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3480 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1628 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1748 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1824,i,4722958022091146008,9552611270420901536,131072 /prefetch:8
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2544

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\55df178d-5eab-4d08-ab0b-b558999fbf8e.tmp
Filesize
144KB

MD5
e58dc5e81f4f085180f3125c0b5ba927

SHA1
b2b2cab09971e0baa805ccb2ebd5b878afc071b3

SHA256
f71d02c14a418e562158eec96a1d6c571d08d9be376d89bae227b76fe2d932d1

SHA512
58272ef0a1d4fe7b078b7c8cbb9e1cbd866472210c3b31402da5fcf710f10e4fd2254b2d8b8bbc92b04cd32ad47d960ca21715e5ef2231213e4fe06278a5eb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7df939c3-adf1-4a23-8d80-730aba9d7efb.tmp
Filesize
144KB

MD5
0e4b5b6ef5d1112a02312b02b0b4d53b

SHA1
388a7d3291c802e27a700097d9894118523e8ef6

SHA256
f99c6446d3eb00a40b0961a006cb6699ddd4171ab063291f4e561741537100b1

SHA512
e47841d4189b696c2d416d9c81bf224fe0de45961f776e423f1fb905dcf751d64d069b961aaf241b8622b843989911f4153447f68cfe8b62f42a0524aecf2b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
882B

MD5
5723528a2d30e4394c9989e18a01c5a2

SHA1
70f1b0736e4d3b7c91b27d1a242645ab4313c6ab

SHA256
6587491c9433d42a01f6761d1c47d721bd333ed5aab38ba9a8c140fc0c4f2345

SHA512
3049f9902fa19a6d2bddd089d13330856a3584cf746664af6a104c3e574eab2d527f6d364fda83bcda3b148af25c8f94a8096355222d3ddf1ab2b7b02e60ca3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
5cc433a6ea30b071e81997ee1dfd4885

SHA1
a5b9e321a79e117274722de68229117514bf65fb

SHA256
ec9a97affdae670b7b44595e27583c2576ee70ca9564c5aa2564aa7652d3b8ed

SHA512
8cb7fa05bfe787a9d8edcd3390f974d7a1b796810fde51a41cf1c977a2a9247c2c0f90814ba379d088e0829a75849cf2693ed633dff5c2575fb0e0fd30f4a9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2b9b49ab6c8bd154b119930c10c9b7fc

SHA1
ec6aca21c7e98f5a0d47c0569e8df5becebe3622

SHA256
b1ffa6b5dad4e057ef3000c0fdf8ed1c3d6c9dd8ff3c4c2586dc8b83c428e268

SHA512
d4d252db3b5927ebfb0448ba09f5033e7a873f1d914033bd0e3866b96393d1ce4af96f71de811ed0f655c93c0a0b040ae2bff50c9de743c6251845c7cfc3b135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a3a4ca3c5cb687ebcad6c09471328326

SHA1
ec340bcabbdaf55dce513415b475b649224986d0

SHA256
44fb877a799dbe8cef6b54fb1e4c8a09f9eac1584c7189d1f94ed3785827707b

SHA512
b0298468cb468b28b8caf601df84c81e48f84640a4c0c449f6f511a6ee18c99d8b294d2ee32c57961c9b52ab0cfc65cf30260d0dda1c732427e22fc91bba2416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
80d5e442b085373ec0197b26457c03a9

SHA1
d42bc7cba045ceacdf297af88a3b7eb48fc6c502

SHA256
23cfd4ccc3f75693e499b0b5690f36264466a4fc7410c42b97af14008507556c

SHA512
344270d0b8bae1338a9c9af088e24d7a57d2d27b31d2b72edbf557725a324f2c23a0845c31b137eb3ad4c301d2d4dcf8faa27913d673e3b2e2be3c4a18ab8a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e3b2047b370599c6a7771802b77ccf97

SHA1
3032cc3751f75227749de66094a68eb622897d45

SHA256
7aec2bdaaf9993471a661b0f7ed9030e521d03b0dfd00ce68c8657173d8b1311

SHA512
c8ba0c4b0baf1f7fbb768d4ab287d2afacd136476395e6f464090167d2bc8eab858bf23e5a878098e3b7d5b2f85efad1c08cfe48df9aa823a83488ca7834ff31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
10f8eb102a848961a889a842dc917ab3

SHA1
ee201e9bef7688b782250d14a9a7dec7f3b2fe10

SHA256
923f66eb685570320d2bb830cc09ba83c8905a400f399c71dbb8acadce67c027

SHA512
eed85fe34e30f013313dcdd9c13d30ff2e48b8acd92d3c25b32205e37e2863dc005f0c9889f82141973a8a1b32b4eedc4db5717b2c7466d6b745f962aa1b5ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
dc13fe1ea6fbc9abea5b54cd05a13633

SHA1
2fc9c88a7c83ca3f35a68e50ed3f53690923c49d

SHA256
0b6ed09fe14d2d62c436c9b798062054af8e50da48986cafcf78b55ffe761bc3

SHA512
097ddf8716ac45c7a7e4cca4c273199371e75c7d7ec231ee7560ccd4cf299c37ae8d3c712b7dad04d24a60e30fae8bedba1faaf77be1deb6d3e9b6fa9a5f6b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
7be42dbc44885527935324ba4ba11c96

SHA1
f821617af3c0c5a94d3d2ee9a7f0cdab500e81e0

SHA256
f3f7b6d8ce5912f96fa93808ee25b7d7ed38a6ca91af97252e8150db4bd49d73

SHA512
f2c115107f20108c95c6addb84d8e09d04b9a4f6263aa745bdbe339b37fc65d02bc1e36dd6ee640f8e86bce22b7c26481b58f042a31f25155abbfef70d7df15b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
1acf71cfff0740e1a3aa8200150c0482

SHA1
8c9d0a0c98933391e5790d90a39f2ac4c41fe229

SHA256
74b8da6f0064fef1c4096245f61453dff492dfc8343cec4da0f18d582b8e660a

SHA512
a7aac27c4e97c0959a6bff138507c3a949249ff9c95bffc5259d60634581ce0ddec36c8320430f8b549162f36d5bc1d36d5f693c0af4f6e789389a93c4142fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588d18.TMP
Filesize
98KB

MD5
3c946e6f7784a5ccefc7d66a91c497ac

SHA1
b218d20d23c21c69ad367c65f5b38606dd1f76af

SHA256
efb7314bff48ef6974fba38a413ca2f2ff2ecc73c1c1b132aa9b729fc73c63a0

SHA512
2c4b7b040a7e745765420acc1e7bb3e1d60e5638a506a7494481d20ed9738194a6a735fdf63ac1521cab78a5e3d900d23563995cceef542b6101c393924482ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1088_DNJTCZVRHXKAODUZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit