b42c54ae8240dd69c9253fa18b9e11d752532a10746e7e11c0b79bc47df160e1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kingdom Rush Vengeance.exe
Size

11.3MB
MD5

725f79a088c663bea0d4deb433b38081
SHA1

ed482631be0031222eb77e114d143578ffac73a5
SHA256

b42c54ae8240dd69c9253fa18b9e11d752532a10746e7e11c0b79bc47df160e1
SHA512

3b5f48185c408933c365cd8da007f4fc2e623cef35f8777906baa26f0a497cb0f0a2a2522ba075f6366a5a2b17753590196d796ccab5ff7e5b9d7b3a9072cc64
SSDEEP

196608:JrqhpbK9zLu1hJt9pmm6EZC60BfxYdRd7Ku:JehZK9zLu1hJt9pmm6EZwBpu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247737652840943"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

5108 chrome.exe
5108 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

chrome.exe

pid	process
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5108 wrote to memory of 2952	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 2952	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1568	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1088	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 1088	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe
PID 5108 wrote to memory of 4960	5108	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Kingdom Rush Vengeance.exe
"C:\Users\Admin\AppData\Local\Temp\Kingdom Rush Vengeance.exe"
1⤵
PID:2284

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffea71c9758,0x7ffea71c9768,0x7ffea71c9778
2⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:2
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3348 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4544 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1796 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3436 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3204 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:8
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5240 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5656 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5224 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5848 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5684 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5660 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6152 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5676 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1808 --field-trial-handle=1840,i,13252722821237503097,12889322374830260367,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4328

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
c731e9e336e0b987c862988513f8b905

SHA1
afaa3d5901c7f0e066d2952747ada9935c6e3897

SHA256
9e6713517bcd8612354bd8d084b1aacd024ff60a0cdb57134647bbc1976f0d64

SHA512
75e33879149fc0060aacfadfc3c15168e07937d30003ba4d0a15b318bdbeb17a5eb6d6007de5be84d47b96cf699b288d80f141aa72822578c17bb9222aad90cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
51f5d4943f607547b8bfd27e9ef5b06a

SHA1
42b595fe825cb08a104998aa7d8e17ade21dbf02

SHA256
172e69478d7c199a8b047d21c9e8367771aa24bd4311899455462bbfad295dd9

SHA512
ce0e187ca179457a671ff8169268c674b3a5f462172bf787aef18462f0df298aef682c670c910cc78d045f5b9d84d1990eda5d7afc258e06370f888bb65783ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ec02ad34f95f658beefdebafe74556db

SHA1
5bf41b5ee262e5b3ae036556c3fec28c548c01ce

SHA256
9d72cac1bfd1ee17caa968ae6fcfe2b78dd69963c9e7e6c6059fa1cbb2bcaaa6

SHA512
04fba903e1d04b940af51428a63292babc64d83146f06873dd7ae8a628fda0286c593cc7bc199508786c94bc54a830655362083a65b04efeddbc4611e60d8a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1eca8c21e8ad652c364f1cf444bfef2b

SHA1
422640576da37230b17ff986f3102dd836a894a6

SHA256
09da6857cae881f545ae82c1213321e948323382dcac83f6b36836eef97e315b

SHA512
2c364b723cec9f8b55fa9b31d2ecf20b8e0cb0ee327be3bcd9d63c0b2588033a4e5507c0a79fbcb1b83f435b5160515021595c484cc379a846d7d93227abd758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
80307caddd965f469443efd93a8fe8c5

SHA1
7e28af63725229ce9796033ebf21d171b5ea05c9

SHA256
1316a089e352d1f557672e586f4c6a335832b16fc6fdb8078b9ce8764e7241ef

SHA512
110603796d8c6b00ab840edc37a70c3585dfb80f266fc2d1089eebf0965a3d0d08a27c13d60396c6f6e1737241aba072447c61d9f8be18eb95d238a4b720a990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
fcbae1c5896429a866e273f862d42f8c

SHA1
e3a90bd0962cf8796cd7bf256361d431c6f5cfca

SHA256
2c004067057c029ff4365f109184265829e997591611fb16bb266668047c0402

SHA512
c128eb46e148c1aee7cbf1ee52df437ab21b186905152e0b9b1c426ec48fc41295d98611c5b09ad307d0dbb655c52467d6df4cd2c2b21c29d2d0548df73d6e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588632.TMP
Filesize
120B

MD5
6cde4a45042af09625c30c06f30ac8a6

SHA1
dc71bcb02b1ed18ce013b16ca3878a3defa921ca

SHA256
b27bcd21326908fbff35fd02978dd47da4228d0a767fffc45ab31eaceb1e0abe

SHA512
a6e2c4f76a692159ffc26fb7de162989d479d5835fe6c0914a4f6654f15b826ea03a0b75fb782901354d1a7d14e8ba111c6ad371f806b98a495e50205b54d808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
f5e31ca3d8669f12bc112ae76fc081c3

SHA1
f2ecc77e73659c8c4694327b4064e03f28cfe691

SHA256
3ce31e45188cc6a252a21000ba8456b108d678d82fb51f6ec38dca796f313de6

SHA512
de1b3e9fe0b8dce7b031697c384ad607b3b030cb491c59bf5da19e0c49c3c83ed52a72eed24f409f0db9cf9d79a941593bd24dac4b2d4367d559f2d009d29b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_5108_EOQHHRZTPYBLOUAB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3804-133-0x000002598B780000-0x000002598B7A0000-memory.dmp

Filesize
128KB

Download
memory/3804-134-0x000002598B7A0000-0x000002598B7B5000-memory.dmp

Filesize
84KB

Download