hxxps://filecr[.]com/windows/adobe-photoshop-2023-0061?id=138197827911

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filecr.com/windows/adobe-photoshop-2023-0061?id=138197827911

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247661889412737"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3936 chrome.exe
3936 chrome.exe
4480 chrome.exe
4480 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3936 wrote to memory of 3808	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 3808	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 5060	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 3436	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 3436	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe
PID 3936 wrote to memory of 2372	3936	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://filecr.com/windows/adobe-photoshop-2023-0061?id=138197827911
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f719758,0x7ffc4f719768,0x7ffc4f719778
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:2
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:8
2⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:8
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4916 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5256 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5632 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5600 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:8
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=908 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5044 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2740 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4660 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=912 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:8
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 --field-trial-handle=1868,i,11493389239455889233,17373296407636172016,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4480

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
116KB

MD5
0c8a188a8469907a280eaa5cf004734a

SHA1
9bc9713ccd989bd3a6c6abb1f5cc1fdfa58d43f9

SHA256
c1baa5c8dcc8c5ee85633f39258ab0570e98e5593e56097166be1ace0235909f

SHA512
0a4ff54ec2b13fd82b14da033fbf994221f56224f3b08720e55f77b6b7a48ae1546969580c9246c24c7ceca980eb68a1e0bae9290a3f5dd8fe89cd8e663df9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a3a289a7a85afa5d_0
Filesize
3KB

MD5
c98f712ac3d996d18c08627a0bdc6fea

SHA1
2a083b3a3b53dafe1a7b25a9a0ccfe07720da7f4

SHA256
5e4e7d6fa65ee9d0672905932565c8db17dd64b72f94c57c88296390931531e8

SHA512
cf542ff1987392a1818ea84c7d11687346ac0cbd4463c08ab8fbf26a91c440795003534d31ff5b9da641ebdcd0c61e3c1ad9b3d84a3f0fc818701cbd59a01d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
936B

MD5
8784951a44e5177fb854e7bcd30f20b5

SHA1
6a8906c371b7306632b79b86d132dc34cf8d9f32

SHA256
518129dbfa7de3450f8232ca1be752af813bdd4a1e7184b278b97c280d236b08

SHA512
f647b480e753763bd51e1a9ed48ff8204f0ab56b6f7a82f3717d8e3f15128144220a52574bdfde5e1b16461b671315f10f411e82215576f9a3d1493e70e98235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
cccdefd701707377bed820a9ecea2da6

SHA1
170a188c9d832a50eac2bb26fc014c5e67eaa1db

SHA256
64901fa55128fd74f411b9394097d9412931deb4016c3cac87bf84266c50b27b

SHA512
1ed7f74ebd51eff1c45e8e9fcd57b69cf3b84b041f2f7e4ef43127e4e20f2aada8318bb675a80194310443749f9e07024c6951636ead1ec62b9a92b651fdce87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
8b2fdb32641dc45b47db3bb77b77627c

SHA1
a67679998c8845d4bf3a3f8880da8846e8a24dda

SHA256
d504f58bf0f008a648d3e41af7a7c2d3ae86f6d969a6931bf679e04548726110

SHA512
b50863e2a93f4de3299cf9665f2a9e0e37e0f37d02ad990b490543b1db3b9ce36fde18366b61d7c899c4dfa88f59a6e48f1b1f2f11b1a738c952dba3591f47ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
c9890ed7c5645423d3f92cbf91c32524

SHA1
721050a0fe6bfde2b080af7f60ba6a248e745901

SHA256
5797ad37894bf0a9fcdcdf75a681869706580667ce7f335126bc3617e585b300

SHA512
b7d1e9f91fbf9b855c44e2c086017c751dc0c0fa7655cb0362a52f817803af6f50a1ef24effbcf335acd2c32b0548c0fc22d1b35954d52efea3310076c9d3316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
70906bfcd330032cf4a9113f8953c9d8

SHA1
83f8bf9eb88e7f14d8d3e78bb726ddad5f63aebc

SHA256
fac73efcbf59e4bb39b5e6e2b39f102c1963881ba55e5199cf830b5fd7d64341

SHA512
577999c84e37eecaf9ac8785db95e8ccc581329aaee9e28e2a09b6134c291d60acad160de402513b1ccbca4ba8f5b8271a4d5e12830f4c9317eeceb2fcd92051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8ecc78d2212aaa9deceaeff2efb4d313

SHA1
f48d756fc75ed35f41ea57138fc81ba4aa97f383

SHA256
eedc2cd81e57cf524b6dc41d62d94b5c8b8ea9e2cc6d0aa050d818dfd7f99d01

SHA512
e214d60d3f2e5a7e5f98d6cd1540a327ad58b8b37ef37339841fdb58aa063bb47cdfe0a6a7a555afe1c4574d21818a6cdafd380b700e54097dce9badfa4d7ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5fd7a84f720f20d4f7b6f33126c2e5e6

SHA1
9c16cf5a69fe3b7655f3c2377a4cb6bc3e52d3f0

SHA256
d4b306b3e2b3c5a1bcab61500ea9073379fb06745c2a6f7b1975e63055c0b42a

SHA512
7d66b358f8b332b3a51094db507bf2983c962e45e1fc9d3e0d5ef76bf6f1148ab3412afd66874c686d46ee9f79d087a6b650ad6c196b76ce9757a364754d02ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3c952c5a6721ac7ed1a07038f420b7a7

SHA1
fb419f6fb18de99615bfb6feed73a976eaa095e8

SHA256
04f344561ffc64898616f367e34863724786a1532adb9d5eb67ecb4e918d54d1

SHA512
899b41c3b8579ea76a635fcc2db2bd7563e477bbd5ef548b3428b1fdf261a956565b767c56e5bedbb1bad141995b110f4d848523b2867b613dde77542f3c55b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
43d76d0c46960e70f2d824079d6933a2

SHA1
f706c7332dd28652c74305289c2698be3089b9a8

SHA256
4b89bc7ff86d09726d0f6513f8f98a5d830bbc5d4d3a5ac9b9faebb9e7a857eb

SHA512
a463ab526689110b98ca1a5d05b16a05b49b1cde9bd601496d9f92d18830ab39ec6361e72ce5d12e1ce6850efbe91a81e8b2e979eed5714bf1a5ba072e0a86a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
5c4fe8080f04cdf833eb733e4fe408e9

SHA1
7eb3215b0d5b3c193654ca581d34adf16caddc2a

SHA256
9d4f7d145e1ea4cfa6c07c9bbd7d79d1313b788c8c1b14be81c32a7f9481f593

SHA512
717c557ff3b4545a304059aa5533bf9cd8eebb4c1ff8b081510ffc566bab1ad02b0849ef36ee0a4f63e5a297d004c24d29dc8a0e8af6a6bab99285292e3a0216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
5246b5127841c9b4e6b19831643d492c

SHA1
515e64a2cb8bd0a2f481ba5c65b5ac946376fc5e

SHA256
2495ed96691e478f1e868d2175044dc503f7938d066921b8faaa44235a62cc50

SHA512
c0fcc467a1d53c4b71eb3982307b70475f0fcc219978b26640f43cc9a1f03fc4d483ef75e19536733b36df33696ca5c5a3206176a5d5159ebcf14103144188e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
444ac253b266cbff0042a404121d9798

SHA1
b49cd502eed55ad8ed3e0970d9209f94873cee1a

SHA256
9233b3ce569afa31aa3e730800ab01870694b7678343f914f819bc7d7ffb1848

SHA512
74e2d3bd81a8f72ab37ac9c943da543ff398b30741c057d17034aef5c5b7ba08e89a3978382ecc375ae7aca70df112032a9576c435180032b66dc9a05ad71ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fea3.TMP
Filesize
103KB

MD5
04c57ac76fb6ec3ee34d4c5f4c048160

SHA1
40e934a6c140147cc16f44b08be842a179b677fb

SHA256
02502e1a7f89ca94c3ba224f4bba22954a61b6af25f45e3b906f66c9ad046b3a

SHA512
547e823b2493593dd9d780bce5a91244b1e06b572f2e8c23820495e836117b0cd028b3b32c062cc95a17c6f82423a5230a2d2fe40f2e11daa29f607d061a50d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3936_ZYQGBNWABSYKBOUE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit