dcfbff4a02635a37e560e6685fb74f85c0d6354b320068eef6f8d053ef381fb2

Analysis

max time kernel
109s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

my new game.vbs
Size

49B
MD5

837d571def63c869281dc2126dfd366b
SHA1

5038841d8d28db6601de3c3246ae97c1bcf97cb1
SHA256

dcfbff4a02635a37e560e6685fb74f85c0d6354b320068eef6f8d053ef381fb2
SHA512

3fd3373e0db61dac0e4491921c150c6ee770bb08a492d54532ae65b0abe0da4f52d6944a6fe1d484b640c7e2ba9cf736426e0b878d0bda07e07216b1fd2fb30c

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247721787508529"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

2036 chrome.exe
2036 chrome.exe
2036 chrome.exe
2036 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2036 wrote to memory of 584	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 584	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 3112	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4700	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4700	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe
PID 2036 wrote to memory of 4664	2036	chrome.exe	chrome.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\my new game.vbs"
1⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6b3f9758,0x7ffc6b3f9768,0x7ffc6b3f9778
2⤵
PID:584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:2
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3304 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3300 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3248 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5540 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4972 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5684 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5872 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5892 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5812 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5548 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:8
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5732 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5396 --field-trial-handle=1844,i,18351245845601749239,3499285781965121587,131072 /prefetch:1
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1912

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
627a0b0e2c67cb8f3f34ef50af4f6869

SHA1
56389eb2c315b0f595035e3c1d02c30a8ee58e55

SHA256
f6bd4254148e60134b0299e9cde6e0931843efd96eec774a08d506c03540ac6e

SHA512
119a4c851f2166964812a68f91b72d96fce5f4c273b5c63cfa8749a10111da1a67301d3492c06439f46960e1bce69ab197638fbd6e0b4873d9c4d9c01e0a8425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ac54b605e1514d84bccf4308db568d8e

SHA1
646d19c7f77258fe7993a84adbd618a8587a0dab

SHA256
983e7df75958d926f81d107dbf1ce9a6f0fa7b6d8c90c79c6c0d66fed876bc08

SHA512
6291a45cc617bfa4ef1551718554ea00a2626218333b0e1a4705c1ca526b7756e4067394797076b1f684225a9377cbcc610ba4ace9bf501256f0ec617ac19d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
c5370ad6a5337b1fd68c2f2cb8e6a088

SHA1
2a8363afee867a8ec9f1880a2ec1b6827c2ca6a8

SHA256
ce52d46d30896a3571f3039a019c559f1ffe016e9346e0bb777f0ea7c2a8caa8

SHA512
7ab54a13ee8371a0bc7ece3be10fb767773ac294c231e578d57b0febd9ba3b4ea89c0cf3c6d342e6be2c227aa877b6a735e1424b46f9ccfcb963aba615e945a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
e0fb4d2460481e79a219cf454d027160

SHA1
43ad5a1c01151f4d1bfdb4cf2a517573f245d4d5

SHA256
1dec363ad0762c907179edbe9bc26be845ad108d2acfaad1f2661e5d1766b7ea

SHA512
8b607e737805e70b2e3cec381dd12b48961a4c011484b288e334e6bac81fc2be68298fbb6010414ec282045607813fe040c726356fb13e9265f05dfa3f79f22e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
25909f96571f43f1a52c19736c26d360

SHA1
d81ebf80038ebd12cfc3c385e45670bf9bfb50b4

SHA256
932af59b6940c75057db0f6a976e67d4ad715a270828679a2ea1154db9c26a07

SHA512
f0ca595f8bdc21a3d5bc8b288c75527acc1a26819b429f2771be72af6959e6fe8ade06e839731d622eb182bda790a92fbbf7eb5f00f9e26061aed0b25cf60761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3617e1cb3da77759f098ec5802112dbc

SHA1
fd4d2e0f51db2a84e8ac846b1b9cc3c85310fc05

SHA256
3419ff02a0b969931ccdd3fca75a25058d1b9ca820d602bbc2b57d337a0c29c6

SHA512
cafd85c1a186ab51d54964bf7daef058b37a3b09255063a8955aeaea2ec409456baf462ad57fb4303786a37fa67875ff45c3b690640e109bac3e6358062daf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b1e2133a7ae249785215a7889bbed03f

SHA1
2b262da656ba938fc48877fa29859fee8d4ee4db

SHA256
9e112b955482e56994a964950a4ce95a9bc5486a8444243c3c1da411d612c270

SHA512
0ee8c79c0527362ed081a3adc2dd227a22f13e5b80f0abc8c00b8895ba707606781d4f3cf5cfc4a0ba6d0a33aabeafbaf9da2a25a3e7ba3c685aa32341ed2851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
57ac5a8f6815ed7b619114bdf55ee5c5

SHA1
39c997f634c11a4408f23a7f40543bb2422efc98

SHA256
e77633d5d08ee881b18018acdba897b6288c946c9227eb37de3ac28e55b97ec4

SHA512
8771eaacae048d3895d82892c9e248ac5dac0ccbe75d11a2a5a7ad8960434ee44da298389547d04fd09f8b5581e513cda50e77e40813d9e7463e8b999f962e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c3676748-8486-4513-9a0e-adcd93393204.tmp
Filesize
371B

MD5
dc0ff5e796febdaa2665aadbb5d4bd0c

SHA1
d1eb82915812b1966863fa79948875766b5cd9f4

SHA256
e88f3fad3f9a226d54c0ac37867929a5cfc30440f4acbc7e0c1bdcc277e5791e

SHA512
8facdc1b336c22874656cdc8a38f5c99360087547ce4a33b69890e039f7373dcbfa64e4fc7dd56a809b99377deffeeebbb96179edd186ae1e7faaa822d26a439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
62b01527ce95a7fc5873f532bd59969f

SHA1
71a8d7401d7b44d5a33cd9fcd745831a7e1c0375

SHA256
5e34b5eb60a866886b0631922a1e996748d59d37d15a0956297031d38047bf81

SHA512
1a1ddbb87d74be5aad04f365256d6132c876eabceacf09ae6439202a1d7ce0dff4d6e01077d4e64c2dcca025926f981c25112aaae66057d3cc376860d4e7bc03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fbe10ae0fe183bc213257f530efdbe3b

SHA1
a8d5141027a9540999f5825b1124bb75a67012db

SHA256
f36c96bb387b72cb6c14de6441d978d4fb62ec0554bfd41c028a97c9cde5feaf

SHA512
15328b9c2320a23b227694eb5c8c29f1657c18b2778f4dae80b208beb77bc1cbab2bad907d4e8a988c04823705c9a6f1f2053b65160b888d61a1850e226a5e1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9056a94e1c8f36492a5128283f8549ff

SHA1
2b02df0e2667688928bfeff131fa3b12bcfea646

SHA256
e2cafbbe0a8bd5c329623b9a1290afe0d4772ac373850c2c7ceca8fafc5e0862

SHA512
ec57c08587e7a609c3e1c77104d4732d2a9aa40a8c4ae3f306f8758dafe734701c3423393eb75be1bc2ffb844525eabc03b24b0e7664f4fbcbfb1515b1221492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3fde6037fa34d00a2a7e2406d3f2b230

SHA1
739495f239e16a925d9060cd1abbdb620f76d895

SHA256
b7b8a536bd5ca69ae26bc5479c5ec963bacb21fc3a7db2a6f05170969e6d0120

SHA512
6047000fcc659b270b563eef8eb32445a891216eeed0f3d178867573ef29668e11ea9bc77ffceb1524fd0ce466eb1081bca2a776515a99300833c9c75dc13774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
f87005c2a3757ed150897bb87ef47dd1

SHA1
063237f08964f1b3a1cac464c554b29848d80cb8

SHA256
58016c7547d2885eff94907b191f6e942e39b87a02cace8a2d53b1152cdfbb46

SHA512
87820b4db4d702070b4c9eeacbaec6f94b0e61ddf2a78a03d160cf1daab20a582562e86e8fe522aa6e55d6e288aa8b45af63c41a3c7b85689cd51fa2fb7d1b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
b06df102c6eb0a12dd57b83e7791a1b9

SHA1
b6f32469a42b35c920d2058babf6b28fcc0cda25

SHA256
214aac9310a35b616dfb1236caf0038d26007b6fd5a6ba2064ebd4fd54a42a1a

SHA512
38d43909f880fe15616fac99032f83223892ee0917465f2a661ebaf7e0cba8067d02b866eb56557163db1f7d4cfb2725f9071747f49cb83b19e6fd888c408ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5700bb.TMP
Filesize
120B

MD5
7374689e48ef3e1d3b166cd1b43ff6bd

SHA1
9cb03c504e5b5e83ee9df47a3b95e62a34753433

SHA256
5f0d08770d0f33d8c071ccd482572a2939c99823d1b4a862fb58ef774d1e6407

SHA512
08ba54627d3fe3195fc040f314d100ed7c6467943ba956a5615e33acb557e8745cf33f17306fc1f349a28f8b5a9f2ec05a1cbc6add33f8d87897c68e3ef4e601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
24b2f1a77a4e9f6b81ca0169094ed3c1

SHA1
cc544b85a4be65682fd1a6af8b38b56efa983347

SHA256
44fb8d6ffdda50e0b698b8ed35d0de0ea27239bf0a350221ea7effefe578cedb

SHA512
9afcc0ca079f67da28b4798ec5e745a94074c02fd98d4c53628854601dc520adee96e3bf29176d5503fb821becf758a5ef63c34acc899d6f0d691986787639bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
176KB

MD5
48f19a660968e15b14e307808fe2bb12

SHA1
cf1d57f09e14c2228d9b74800f861851d9b35c83

SHA256
6efd4c0b3516fe9e4f990c92067aecb4c9a47a8f0aa660d2eb9d4243ba0fb557

SHA512
f96fee468a7df9dd3045af025b5751a04667171f2911b47517e670f8de6bd6028d933bd5f781a80b665b889481a334fe56ddfcb9d4b19b63eb54ab8768a820a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
8db3e1e4117024924b8df105e39207f2

SHA1
2082a4969b6b0dc4f6d1be91ee684edf58d8c668

SHA256
2521cf19a10d603bf1b922ba98dddfbd79a356156a151f77c3d458f0c5e7cca4

SHA512
385be56cafd26bf44f82a836b0f83b7e520a68f0b3176dcaee2d8e17ad756952f37d2b47784339df39cac932cfd57eaa62ad945c247cbb225666767e9a6082ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
fe81b8eebbb1ba98771e15e270135bd3

SHA1
cc26028ee65f823009a88050dc53104e4d2d98e4

SHA256
a11f512fe33f1854b4c065c394c7050b6582d852aa5d3026d82c7a6e52149307

SHA512
e8689a34a2d09571a0ace6caff679e83af99ab0f107077cea5ab7be3d7ff1228fa057e65578b11b8682be67d3d90f31ffa81227ce75c3554a999df895518a80a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
8e4b0000925ec778fc2ea353687ecdf0

SHA1
c7b00662944f1e6144d3ed698ee68d436c41a0a9

SHA256
387fd92473202bc783ddc421a0fa8f7dc2cd38fd0ed42a4316e2978046bd7521

SHA512
6dced01875688a2b8bbd822321c60357c051ffd7d3af691a24d661caa35452b4625784abf8c8939cc26e6de39a7893ae10f13d9826f5564e1310d0ba88c1871a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
25ae6c005a85b4b51768c660ef804378

SHA1
b94268b5e063514baabb0d32197523d2b425295b

SHA256
de1daa5cf619d695a1e12327b7a7cbc225d9fe688489cd4f8c2d1af348a39bee

SHA512
92aee86390257550cc522eb1db54d204475539af669bdfd74a74a14e48149f7dd91ad157f03512235d76fabe4afbfc28e1e2f8d6805fe6f365a37c0c5552bbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
182KB

MD5
9d22f2caf10ed5448a13f94d9401a14b

SHA1
802ffc08909828253a7ae25ca182f33ddaac5c84

SHA256
b6992c31d71cee041de5c92ecc2d837ee8d63ea5d68ca76238293989b9b904f2

SHA512
159e8f3007c084a7e5c40c8a2a4b1b4f1ffd7c9026775b89c8e58ca0e0dac6941c46190c77f78bc5e822dea9098b2d7c982ef7910aaff772a30b984815ba58c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
93b0032e0f945ab30c545220306d09cd

SHA1
19912f65325b4f7155165df86faa4dc96383bbfc

SHA256
d6b535c6787202cf67f65ce0b5276751697e5c0fc6e021a1522501c56550c5ec

SHA512
7f3afcaad765b55cfc99d398cd714df2ee211881f0f215d99dca40cfc83d1a5b8216a1a4404b10c08e52f34284a39cff0773c1b7351e011eaaf2501fc6528ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
8a8a752a330f44e0656b359bf39f7346

SHA1
f20773f5d33e79075b08c39baeaca8673a8803d4

SHA256
c2d707e14fc20f408532907a9d0ac96d76722e2155a637061268af828ab8fd77

SHA512
347c7c7a171110860aa2a3c1dc373af878451d651889a044b8fc4bce48aecc1aeed6d1b3fd3a2d124f12eba83ddb6d84b6cf3e36001077553ba76b7c6bc9fad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57490f.TMP
Filesize
97KB

MD5
f092351452a8f46d96dedf323155e3fc

SHA1
c0ccd9c29dccdc1508ac8463718c45318ea6473e

SHA256
445c467c23ce2f75e388c5abfbf7ed23c5d319223abeaab8fa4e2ec2daa51c62

SHA512
373e1d8bbffff692188f0c6b44391a62661635ca30981e322c33b5e65dc7cd26ccd7ffb6358a84bc285793847271f0d3a869698ff36572218637b4ccc3c2ae9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2036_CMUJZQIOLYEOOPCE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit