hxxps://fdb74b-dfb46vdf-hnr7[.]s3[.]us-west-2[.]amazonaws[.]com/ghddytfdygfde[.]htm?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKD%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIEeUfVwlLmwN5AvJ4ETLejC5pl7mFd5q9KgPsZyUh%2F8BAiEAlpgY7VYUb4jUyEOGERBbbws6wVhlwNPHkV%2Bsn74Ih1wq5AIIeRAAGgw4NzQwNDM4NzI4ODciDJv3XHYJLTkOknwOeirBAlY4ZWoFOWf3Xu%2FJzyskRBgBvCnfbOACGOk0QRgynWsUHW7xsy0v%2FEVoa5WAIA5VmFQmcHOBNl%2BGdXNu55gF5kbKrueWKXQIleVKp4rgLmI6dQ7%2BhNtqfLvjErUexJESCtDiXdotFDtPZCYjFIczBAf3V0GddttOOBOBMTROjEOw33BZ05DRmw7WvybAJXT%2FcRhMiDK8nEsi8138uUYESvKJLMyeERX9Wxx%2FV5w9T2oJtxkuzPPJXI1SHxvZxjH0fp18ViBtVGEz0Od0jAeF4xHnZoDl2909yKorD%2BGOT82mmPlZd650Cao2LCo%2BlTQhsnCsDWKVz%2BV4Q18ZCUIWD7oRLav6bVhp8fQTUkCY6gLlHz4BIzC%2Fz5i7SDOQOSW2abFqleeQU%2Fpg1eAhIfjBvkv9gCXlf47GtKRcb1p1pAiGlzCg2ZahBjqzArQqb%2FO%2FuTUORIiIVtS1FMkCRFsks2Q4qGBcR7oukkQwFTa%2FWsi3cTyvOVzuCOLOc%2Fu%2FOVQbfjI4tnWgIYu5Ha42DToqh3Y6jwHyOcEMoCi14QAjbpDKwAgue59RbulCzVBdB9C3JwKgjxy4faL9a%2BByZq9WZA6nGbYZOgMHwpSFXEmp9v5S%2BUSyFAfWvM7cnu%2BeuBFStorDgU8tAuDeWIDWrXgpPMQpByUW7LEleF6lbxFVo55vGJaWn9KJuoe8UU12myqOV29j3AGjA%2BYFcK7qlGIp09a0imC543Yo28JEZXYZJmnk46RW7CYBa2m%2Fyze6XZGFfeqbWsxTCueKW8KW3TPK6ddQ%2B2%2BozDWjmBlBYXS6JPC9JNJ7VRDiahVNUAhtZGm9tsF%2FmP7IdTSFYLltEkc%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230330T171925Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIA4XAITCZ3SFPLLANH%2F20230330%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=990214d3f89f4da6f50e39956cfb9e04bb636a26e5ecee092d988856c17f465c

Analysis

max time kernel
75s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2023, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fdb74b-dfb46vdf-hnr7.s3.us-west-2.amazonaws.com/ghddytfdygfde.htm?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKD%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIEeUfVwlLmwN5AvJ4ETLejC5pl7mFd5q9KgPsZyUh%2F8BAiEAlpgY7VYUb4jUyEOGERBbbws6wVhlwNPHkV%2Bsn74Ih1wq5AIIeRAAGgw4NzQwNDM4NzI4ODciDJv3XHYJLTkOknwOeirBAlY4ZWoFOWf3Xu%2FJzyskRBgBvCnfbOACGOk0QRgynWsUHW7xsy0v%2FEVoa5WAIA5VmFQmcHOBNl%2BGdXNu55gF5kbKrueWKXQIleVKp4rgLmI6dQ7%2BhNtqfLvjErUexJESCtDiXdotFDtPZCYjFIczBAf3V0GddttOOBOBMTROjEOw33BZ05DRmw7WvybAJXT%2FcRhMiDK8nEsi8138uUYESvKJLMyeERX9Wxx%2FV5w9T2oJtxkuzPPJXI1SHxvZxjH0fp18ViBtVGEz0Od0jAeF4xHnZoDl2909yKorD%2BGOT82mmPlZd650Cao2LCo%2BlTQhsnCsDWKVz%2BV4Q18ZCUIWD7oRLav6bVhp8fQTUkCY6gLlHz4BIzC%2Fz5i7SDOQOSW2abFqleeQU%2Fpg1eAhIfjBvkv9gCXlf47GtKRcb1p1pAiGlzCg2ZahBjqzArQqb%2FO%2FuTUORIiIVtS1FMkCRFsks2Q4qGBcR7oukkQwFTa%2FWsi3cTyvOVzuCOLOc%2Fu%2FOVQbfjI4tnWgIYu5Ha42DToqh3Y6jwHyOcEMoCi14QAjbpDKwAgue59RbulCzVBdB9C3JwKgjxy4faL9a%2BByZq9WZA6nGbYZOgMHwpSFXEmp9v5S%2BUSyFAfWvM7cnu%2BeuBFStorDgU8tAuDeWIDWrXgpPMQpByUW7LEleF6lbxFVo55vGJaWn9KJuoe8UU12myqOV29j3AGjA%2BYFcK7qlGIp09a0imC543Yo28JEZXYZJmnk46RW7CYBa2m%2Fyze6XZGFfeqbWsxTCueKW8KW3TPK6ddQ%2B2%2BozDWjmBlBYXS6JPC9JNJ7VRDiahVNUAhtZGm9tsF%2FmP7IdTSFYLltEkc%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230330T171925Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIA4XAITCZ3SFPLLANH%2F20230330%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=990214d3f89f4da6f50e39956cfb9e04bb636a26e5ecee092d988856c17f465c

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133246831645769755"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe
Token: SeShutdownPrivilege	3644	chrome.exe
Token: SeCreatePagefilePrivilege	3644	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 4992	3644	chrome.exe	85
PID 3644 wrote to memory of 4992	3644	chrome.exe	85
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 4456	3644	chrome.exe	86
PID 3644 wrote to memory of 2264	3644	chrome.exe	87
PID 3644 wrote to memory of 2264	3644	chrome.exe	87
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88
PID 3644 wrote to memory of 4132	3644	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://fdb74b-dfb46vdf-hnr7.s3.us-west-2.amazonaws.com/ghddytfdygfde.htm?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEKD%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMiJHMEUCIEeUfVwlLmwN5AvJ4ETLejC5pl7mFd5q9KgPsZyUh%2F8BAiEAlpgY7VYUb4jUyEOGERBbbws6wVhlwNPHkV%2Bsn74Ih1wq5AIIeRAAGgw4NzQwNDM4NzI4ODciDJv3XHYJLTkOknwOeirBAlY4ZWoFOWf3Xu%2FJzyskRBgBvCnfbOACGOk0QRgynWsUHW7xsy0v%2FEVoa5WAIA5VmFQmcHOBNl%2BGdXNu55gF5kbKrueWKXQIleVKp4rgLmI6dQ7%2BhNtqfLvjErUexJESCtDiXdotFDtPZCYjFIczBAf3V0GddttOOBOBMTROjEOw33BZ05DRmw7WvybAJXT%2FcRhMiDK8nEsi8138uUYESvKJLMyeERX9Wxx%2FV5w9T2oJtxkuzPPJXI1SHxvZxjH0fp18ViBtVGEz0Od0jAeF4xHnZoDl2909yKorD%2BGOT82mmPlZd650Cao2LCo%2BlTQhsnCsDWKVz%2BV4Q18ZCUIWD7oRLav6bVhp8fQTUkCY6gLlHz4BIzC%2Fz5i7SDOQOSW2abFqleeQU%2Fpg1eAhIfjBvkv9gCXlf47GtKRcb1p1pAiGlzCg2ZahBjqzArQqb%2FO%2FuTUORIiIVtS1FMkCRFsks2Q4qGBcR7oukkQwFTa%2FWsi3cTyvOVzuCOLOc%2Fu%2FOVQbfjI4tnWgIYu5Ha42DToqh3Y6jwHyOcEMoCi14QAjbpDKwAgue59RbulCzVBdB9C3JwKgjxy4faL9a%2BByZq9WZA6nGbYZOgMHwpSFXEmp9v5S%2BUSyFAfWvM7cnu%2BeuBFStorDgU8tAuDeWIDWrXgpPMQpByUW7LEleF6lbxFVo55vGJaWn9KJuoe8UU12myqOV29j3AGjA%2BYFcK7qlGIp09a0imC543Yo28JEZXYZJmnk46RW7CYBa2m%2Fyze6XZGFfeqbWsxTCueKW8KW3TPK6ddQ%2B2%2BozDWjmBlBYXS6JPC9JNJ7VRDiahVNUAhtZGm9tsF%2FmP7IdTSFYLltEkc%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230330T171925Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIA4XAITCZ3SFPLLANH%2F20230330%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=990214d3f89f4da6f50e39956cfb9e04bb636a26e5ecee092d988856c17f465c
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b3429758,0x7ff8b3429768,0x7ff8b3429778
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4864 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1032 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4496 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4764 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4836 --field-trial-handle=1852,i,14839913930859651934,4135566884491553728,131072 /prefetch:1
  2⤵
  PID:3632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6024fc0f6fc6701ea0eee1e2f04d0d2a

SHA1
4dc0d2d11d4919c0aec6ae374c69c6736c1b09b4

SHA256
09b58a2964ce5ca3e50b77dadd68cea5720abf4cd377ce2fe5b99380cb0ace0d

SHA512
032ac85dd3bd8e11f6ba8addc90434c3b85382d9bbe83244a8a1e69214fb0121c0be89bb15b07772133d1f63e8c64f909eaaa97a0a0fc8b4dd6ab83b23ae3c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1016B

MD5
9668637967cac5ac99ed27fb33528c39

SHA1
3cb5a0df2d4e9850b5f441dea67d02dde348092a

SHA256
6d70ff5cb80ad5326226caa30fe21e7e5216cd4f50f07e85fb4d816c38c01bf4

SHA512
f186b2eae312edae9037d54b861435ef515592a6dc81292531a5c2b66ceedd0c126996cba007daefd6e3b0ae78e1944e3f230c13cc55f8dbbbea562b1243f860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
c037439f813b05d94dec55ab4f7418e2

SHA1
ba09e07c709661b0cd2fed413a19adb83941eaed

SHA256
f0f0adad00084aff0ae4c4edfbc722abbd0974ffad80e9b6397e968ec1e6fbfc

SHA512
19adcb2d9c661d30f56ab94b5ab56e99710f295948ce1c12f41281c7fa0bd4a09a905aaf21cb3794c78c37db0b388178792b6b3b33a7f2681c4425a8c0cdfd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
b8e790ba4e95cd05003b7ef815965c14

SHA1
b3db289107e38e9082e42b6800dd10e8eafbe487

SHA256
22b84341ffc38caa9ba81ae17453a8aa6202010e3cc7d34f7a062f567b8f143d

SHA512
b2142d24b016539497609f889e66e87f517c619f69da2315cb2f879123202b4f60f306c8f989da3f7cb7a259e1bd960d374ca8321d48f95c744ea3b8afd818df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e0415621361b6d754aa9495bb443cf73

SHA1
570919b773e17931442726f3edfca60bd30be00d

SHA256
ce3d173e9e52d3976b24113e53372a25ebab95088452d15381daddb8df42e1b8

SHA512
68ba40d8f263473d03333e34613223a539fa8ed8ef534151e1f00463c8661d40c6dd9cd6e41e83be599e27fa19e9e0310aeec479fe31db679e865ee0d1e51c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e927724c4b913e329c626cce250583ea

SHA1
391e36d0594974c542f08267a1f557c17adc0f07

SHA256
095363327cb0ef5d57cbf703ce6c3e452999c97dd4010fe7ca9e094243e7c8ad

SHA512
fb7059a8678476ade5eb06f0c98bf8346ee628ef6b4450adad85f3745c2d20b9366fe2fde11390daf641c6a4d48be1c2dbdc7352a23e2a71d050139e6e9d5a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3e30016e6a3f9107f1739192b1a2426c

SHA1
a0bf1afef7951dc29ae9017963c5f3600e9a1b80

SHA256
4872701200704a20cef1c6e0e7cdd68453fc41fc7c8ba96798c5091ff7c8bc02

SHA512
6a8ea2932301be6256b0d729c32b5de693077ecfe0f49a9193e5b1546c2ca8ff42e5d85f46e9f7870da2ca2147558b81af3da6da25b47fe0caee2dc4c29c8aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2bb1d2d52561ecfaf64a63df26ffc968

SHA1
fe1f6000f9df8aede75f0ca7b15bffd25796cf7d

SHA256
a06e5ba4a9501c39aa1af0ab1d273f8b48531b321caca7de676e4a4270b8f015

SHA512
adb6b7e3ec6ba30af4a42fef19f4b210ac7fe29b734f38a2e9be13fe83b6e9df8a14ac63e6305a0a5c5ef491f0e523bdcacf66ac17b98200054778577dd9bb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f68a793cf357ddd88f825c269831d367

SHA1
47898db8c2364b957f0bd850143f0a2aba4798ef

SHA256
e270e9b7c9d8691e1d3b6bcfdbc5fe6a05823f4249970eacb401f51112b433ee

SHA512
638013ee452ab1fba4d453b0c0ad629e1d6963843001e8fba342c643a6250effea7f028d37df4af379d4d97e455715ac051e18fe09692d57389b7ab18c609fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
6986382d85f326a846bfd4ba5118b7e8

SHA1
9285b3dde54225dd74130287d0da010ae76bfdeb

SHA256
6cfca76b309452fbdffa57b3edf8952cf83ec40387907bf02307465045e8dbdd

SHA512
495815dbb7d589a11768ad02f3c96140e167286484352c9e875f7da54401aaa8eccfee94df651f2c9ec4f8aac74f98489c40c0b5e284eead6d4a08d056534c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
fec48161613d239c8bb1349108e85f6f

SHA1
23ab04e7110b8b1b38fbd875d3c8bb0f02704646

SHA256
29e81663fc70f53b220f4dc14806f7d9dbe9f52612d2ce2bcfbf37ae36290647

SHA512
58a0c5bb3e0896cfc4b8bd3121103188753fbd5a0ed0e270644a38227b199425d3578f1c7f768156d895345e40d3d1ccbc114bdb7aca9a90fc8d3ff91d25bec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
9183295c4749a9ab4bffa64e4bdc26e7

SHA1
9fd524bd3990b0163e2410a67ce06170a803275b

SHA256
0944ce2ca379f69ea07305690edd1317fa3fcb53005c2d858d870a8b7ec46106

SHA512
142ebb580a9b7033982f7bfed05e09dad6c434da2a6408e518cd234cf24cf10b3e2825b39b4d3b32e3d254abfbcc3c2be050bda8023bb8c85933c16953edcde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
163KB

MD5
0a55860fb3731e5beb9bdca1b61befaf

SHA1
72e795d789ca200f02bd675eef4d0381b01bef7d

SHA256
ffb9e2ae561bca2f320463fd1138a1fb8899fdf6ff59cb76ba30f96d8a041858

SHA512
15b53934e107d8575e389c7a5b864e0fb86f8d4ef5c1c34df11d2d158f51e7d8b4b710ee1285c99ce4fa7bbb801e234baeb00f20735f46cf32db11f6f9a2aff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
71269f0b689519300133333a19570498

SHA1
8c8fd499c6ec2f5ab74dc1d5e8b7987eb24e279e

SHA256
45149485082b6ac6fd7e8de610bf424a0d586b7de62f4fe04c8b3452de57ce05

SHA512
33ca7b96b043392cfb18e8ec8cf7876880e0138636f79f6b19cde71877e4ce6e3d47beee9a978be5232c99c2802b7fce9ecb296900a8e1d40930a62788d175c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
357e4b462d9d25cb759f05fba589c962

SHA1
b1fef31172f4cae5865691cc58d036f5253cf423

SHA256
8c2bd29cae94871a30668ee1dadde40ef0194bc49754078cdef0153c19c11a5f

SHA512
18af2835201beb468ae7732cdc4c000257ca0f00d240634aacfbd4362563cb45dd56d3e655e84e396c8ff7a02c44fc36f152a2972332f3340721c496da682163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit