11d1e18e67aca67e930efce3b2ddc7d7996d56a8fecdd5eefeff427ba6bb4779

Analysis

max time kernel
211s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AR_Aging.html
Size

83KB
MD5

ef38e8a06dabda8c1e13c89f626a3fa1
SHA1

bb5177706d8cdac9abf418a417fa98c878076394
SHA256

11d1e18e67aca67e930efce3b2ddc7d7996d56a8fecdd5eefeff427ba6bb4779
SHA512

bd508b05789c98afed7c70316fea15793bde817d9f98f46cb412003f7498a1720d9cd0c43b1a4d336f17aba7e70adaedfac53f4ccdfe47646f1824419876e94f
SSDEEP

768:M+q+uFwUAmizytbKffq9Q+4wFG6GgYuGZtL5aLmFzlnQtWfEDGbfeXyWkBXle/Pz:1yEfEDoWlpL9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258450815328476"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{C1AD3C00-A1C7-4752-8C75-02E9642DB383}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 4628	4472	chrome.exe	86
PID 4472 wrote to memory of 4628	4472	chrome.exe	86
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 112	4472	chrome.exe	88
PID 4472 wrote to memory of 4400	4472	chrome.exe	89
PID 4472 wrote to memory of 4400	4472	chrome.exe	89
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90
PID 4472 wrote to memory of 3832	4472	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\AR_Aging.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e6f9758,0x7ffa7e6f9768,0x7ffa7e6f9778
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:2
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4872 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4788 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1768 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4920 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5524 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5340 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3184 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5468 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5880 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1132 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5828 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1832,i,16620790796350493765,16465106757833540053,131072 /prefetch:8
  2⤵
  PID:4480

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
35KB

MD5
3ecbf8ad3a5a88461fd3993960fd1570

SHA1
c65af29279dda7178b3bff0affe120cc781dc3a7

SHA256
0269eabb2c1a4d81e3ffe27b15b24a4682c02556b4147423a0b207b9206a992d

SHA512
48744215c96cdf75a791fa393ee790765666636e26d07f44bd852b9f7ea584eaece41788ea0bdc778822fa5d0aeac2f2d15a28f99a6147c9091e095f9b1e3251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
2ce9704d57c934ef30d3f75e3949eb5e

SHA1
708db58b2c8b8a00c9b98da9268990966a9aa32f

SHA256
954a4d154d931f77c50be3c4b08dba2590d9c53cb83be47dc855938c3ea75a78

SHA512
2fb5fa2658e24b700453ff223469dfcfff73e4b6b22215bd28960b69dc8baf223d218db629c22a335b38acfb7c61b3b1c61bf9bc6b0df3bb7b7575b1118da22d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
90582dafdd5c551d26bb9028f0318d95

SHA1
bde36b6469367de84a337fb69c86e110397f2c2d

SHA256
19251934085e4ac056f4272d95e50464e050cfe3941eb71aa817ac16b6992cd9

SHA512
7398025d69dcd6bcd8b4a2840eead373d95a2214e873abb00baa28aa5100f8b6f111c6617f4b48d70d5372308ad952673109ee19aa1c46fbf33f73d88a2300c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bbe1cf3c0543fd14006f984d6da5143b

SHA1
f12e71c8620c25d5309932c49b8928735dcc8e48

SHA256
1734b783afcc4fa4680f427ed8b6aa35fd8ecb7739c3dbeb1bc18a04d71399c1

SHA512
27d5d235582ea94564b603006389958a8e3292fa42b5c324e4c854ee584231db9ce8d94c263f5baa411dd2a35d6d2b069efd5178a021d2c5599f7ae5ac94f9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
23c97d8743eb471ef3f6ae6f3ee4794f

SHA1
57912cf769377c23ea4d7c079b0e5b48be6db988

SHA256
5c434669f6a613dcef80ac7e8f7c87a9b6f62df6544eabb5bb86a6adb1c89eec

SHA512
ec0358e30d504e9ef7586507bb9a3182274f1771821f699ca2b25791056db60b829218adbe67eefc8f39017348cf7574bed1ffdd0d6c6cb440ae5f2559718ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9aad54f6680de97c097a3b5239419656

SHA1
8c798406a3bf0265adf1ad3edba132037a82b48a

SHA256
091600bf75b1837a28136e0c1c208b60917b43b57145bb4d26ea8fdc31b4fb91

SHA512
7141c3a5bfe9beaeaf570358545532e5a635d70b892aebde58ef9655bd5323e8e0722b8e833d1a20b78c6bf74ae431d1feddb8c80c4744a497c16fbe10e4f174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5d7ebffc7fcbe24b892791f4845e1b65

SHA1
8fb455396f934b735be93b53c49d60e252661fda

SHA256
c302e3e0f4870b69d1bc0e298fff6f4410308eb898bc9f03854e3be512747ff1

SHA512
497f9174625292de867093ad9d701306c954e09c203f2a4c304edf29d6019b3c2f12cccb6f6119e45a23c5d424cd20c2d2b77d0dc668e4aa75e0707fea7c56b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7cf29878acb17198760cf531341ed4d5

SHA1
6424c705f3f1c1b76ecb73bfb074310718e14da0

SHA256
136fef525375088b0fdb97ee951e3ba13c14181cbf388e24ad51cdc8cf082bbd

SHA512
5afb85ac82cbd57f7a42ef37d6135e992713e752d7ac023d59dc919fdd6ba55a4c12e79cee1844774962e2ccd7d6a601fb0659f09c6ced2c0dc763c836ed58e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
7a59a24586e7d246eb1219858e36623e

SHA1
1dc9288bb70ec585e222617842e572b1238817f0

SHA256
221c2f8ca2c24606ced2080b29d3be6f0add71ebc2e7ee99660f02d54aa55ae3

SHA512
e8562bc5d97efa2e491cdb3125aa85926e7fd1d8c46c897f0715aa93747bb04d690c1242c37d5df662c44497a56e67a5b894ae304d71b9dfc1f3f80c3d7211bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
91736a524c2d1ed6c64e4118676d9776

SHA1
dc401fd4be11321a90b4d2dcd7d4e076679caafa

SHA256
e8f7c058769098b60ceb0b5960b09272d03fe8c55f63a9cba3fc8ca4d7b75b6b

SHA512
c2c2126173043fdcd19d26406fe048d1979d60d3950dd17881ecce2eeac1975de168da513641e0a4b5d653e9751e9973b515f8d3c2f1234dc3190f62b6c4c16d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bc075e91b917f8c570a80942ad2f4451

SHA1
2884607858a4fdd514fc620a9eb9039ed800011b

SHA256
f4377b794bf2d67202bcb47537f08f7ae3d5c91fc97b9ac6fd7d3f49d8c0266a

SHA512
e7c2c60576b2fce28adb08575843e1d4015193707163600d5e577b43da93657f1650f612584fadf449d3f39ed5cef6936b85d4dd248b398045c0360d97f721fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bdb3788e1ffa6f2f7b22b12b7648f08f

SHA1
7501a302e585c2ffcee04def7ac70334ec53357a

SHA256
e50eb8999c077c85d9ca0bf781c971b678f999e38e2a46eb0bde4e9ae36e466f

SHA512
5d94f9c1da905cd2b394d43cdcdd4fe26171f2a6c8a2de8dfc1a1874527ae586e7f1d38c0f1136253d69f0b8fd34ebb6b0302608bb1a3dfe7fde6b3597cfa351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d3ea3c82a406a5cb865500b010ddcb89

SHA1
7ee0e837183a3ac31e33ea6ace3c1d4b4bb378b9

SHA256
1c92bcc2dbd29ad3fa1b487f18ac4083c89fdaf532a66239a2655246c5746101

SHA512
37c3a76a0a0340adfd915a3ba94d808312d780e66c5b5094d40d2d34ea188160f906f06c41abe9d0f344ac6b6fe1715d26e0e4843a34dd1f9179f7f1814ff002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffd05acfd074c596922b0518b3c4947a

SHA1
adfa57e8e433a98fd80adb0c7e551db977aabc10

SHA256
9326d1d1a3d0e54fe6146f0ef9a3ad9934196025c929f0f5f7d7a2e448964b2f

SHA512
32660661d24c0803f96784d887c45017f25bb4fcd328f365b4c7ad97f11544dbd08ee4cded1589339212f703bcba6bb261e611cf1933b9bbb34dcb87bc6a3272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
002b42f67a8257771a38042e474072a6

SHA1
ba983eba9f878a0457eff02ec17e2af86786e8c5

SHA256
ffc0d0892a3e37faeb738fbe5cd1e0496ca79c61ed1263a94b9157c3fb179ab4

SHA512
1a26ad37e8263a014b098cd23a554cfca0ff1995abd4e90af6ae87f1862069cb9d385c9d9427e2d39f69987472551264638f693b175cc620869186f623d4a1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d967aec08602943c91d52f53d4611daf

SHA1
fa60fca6259210472e2e57db93126f342fbd28c0

SHA256
8efde65355178b2fb26ba9456cc2287b974e7d0ee2e13350abfa3307ac2230bb

SHA512
de96dc7318ba63fec422bcbacda14b5bbf466ce7d6de76a7f57bc1f196172f31a044afe49058eca990fd3e29e60f8111db03c65ad8f5f3b580da2405d22b3042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9d37d902a2123086ad549c1f37b6932

SHA1
9fb0e5404685e790c5fc78707cc0990438684329

SHA256
eebe31820bbd2fc034ba70815f3dd01de4a8addd95ab5393d5ba4e3e7306aab4

SHA512
5246d5c78f7670b89de503197e23d42723e0600a6da2ae17f840f01bdd93b96b648a4f96d28f54a599c389d0100c10160347db957ffac733f09e8a81f98e697a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8dddaeda29c239bdfa9a4034b47b82ae

SHA1
bd2b941dfe5a6cc8d59ef13e36da3c02c91c80c7

SHA256
c39693e95c722deb40e48689886c9bdfd5b134caf6340feb6be658d2cedd301d

SHA512
910cb1025f91abfb4a6e839e360d6d6ebf7678fc60ea60a122f27e889aa28d49021213f624b511c05cab6d1125279f3787027e98a6f5e505574776739e7d87bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575e5c.TMP

Filesize
120B

MD5
77034a2be2aecc0bedd0757efcd9e68b

SHA1
1cbc0c2f454d700c028b7592bcc1709c5207de72

SHA256
cbb0c9f41ed3ea1cf4cbc6052ef4a97b20b2ae4c7ef5005ec0bbbd889c85a77b

SHA512
a928a5c99b936471f692e1d2b584362b5876a911c0ca99dd99305fadb27dc230e3b7c548a5f659c167f0b9f134794355e2d66f213f47cb3299c2fc7e3eb4b83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
6a02753b1adb9c327f9d57a5a0e27a7a

SHA1
103578ac994373e7ee4b4dc5da040f3d358a1fe3

SHA256
bd6adbac7d10cd1369155bdc4afe43a85a90e0f022dd7c17940c75f18e32faf0

SHA512
e016ceb27a36400aa2d9339ad346ef570004a5e4a0ccf0e73f06d45b1923abd02bb08ae870d70ff4909c9dad2e0b44c5a013f8d4127595c8772058de9be50608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
7fd7943bb24ee54e94b42d6330f68aee

SHA1
f67c3dff9190d07d5d48d849ef87047618aa0637

SHA256
36bef6f3e75674cc54dd9429c3a2edee90e604d0693b864e2da74c9ebceca4da

SHA512
b56d699fdcb0e0114a5a2290cdc1b91c86c694befd808b0b81d49d921e1b306a7354c8f305a5fb2651a169d1e29e5548d2d2743ce36af1e7319fa92f375cafe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
3986fd1e28a921dde0a93bef8cbb9d86

SHA1
8b90f1a8058faea4b7e20d1dc894b92923699993

SHA256
3ecb58d14b0e57e6d867b93d771eedff087ef920de6ef14ad33be68ecd4ef941

SHA512
f370a262e8f7acba289a8db0722b0cd8d340395ec29e0f034499cd56f0dc9c6eff65c3a94ad6b22b6bf54552c1d1bba095fc11865e7c2e3748591da3bac6fcf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
edcfbafe16a00c7698ea262f556f151d

SHA1
a9218eacab49e056fe59e309c28eb629a7159aaf

SHA256
554cb0bd7371386151c1ff60924e791f6009e48aaf59ccd294cf1362fc8f04c4

SHA512
8102ba2c988244af163e3e380a54dd66dbec1c6414efb84c1099c1a16e0fcb434a8746eb6aa3b839d5b970dbfc9019494dade472e1056c3238857574271ab2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
221KB

MD5
ee7cdaef8b8c6bc7bd35602e3217f77b

SHA1
9ce6d56481ddd7fdc747b61169e8e8417528a8cd

SHA256
81a205f28eea2f1f31bced00fa172bbc8733c089b517518376f5a00eb992e50b

SHA512
d374f7163569e926485d67f9798bff93a572b7f14aae0ff5791f8bc47941bf0b5742fed37d158cc56ec1e7257c87951a22c5007849d2fbdeccbc6420addb8a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
6dc53bd1d6d3c9c5c3c6982eb22e61af

SHA1
83080369e27fe1408021d116bd77cdcedde718fb

SHA256
54e0537b3edef88101546250613bad62da286b659460b75893d3873c4854eae4

SHA512
4acda3221b8ea7e47522e4f280325c963f3a91f794c18e25968d60884886d0b7140fe2f038fbba65687552ccab58ef47e102a748d3203f4eab0ba5b9846f1882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
0b779663ef1a9b928297550a7b689263

SHA1
2c9e1f7175e3c21aa53eda3037181dfd2cd9edbe

SHA256
c70c856a9e587966d855e893ac871f88b57694b7947d0f8a8a31b8fd7f39564a

SHA512
7cbe2e071a53ccf2ffa5f5acdf31fe4aef53659471d50b4052f8e996c6dc581723665859e75bd0a9a46cfce405256ec1ae193389b998bfa64de92198143131ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe577724.TMP

Filesize
96KB

MD5
1416fe40cf69cc148b4438f62f8c61cd

SHA1
906852afd65b839d834ec651394ba83499bc5844

SHA256
49482adcb741acd95d4c65d4d82a7c587b7ae4471c6d96450b9c2bf24d746a8c

SHA512
da99a176324e15315315f5885839730ff037f961515f89325258bf3db0601a4385aefd72c50542cee2618e3b3c685df9e2a0b0d3d8c3319e76b89fae080a2a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cb44056f-eeb5-4abb-ac71-585de06d941a.tmp

Filesize
201KB

MD5
c96cfa00d08444f78580e85983eeb3df

SHA1
0013611ae005def40f5adcf92c0eecf316656d1b

SHA256
2f1a3fbbe8ada39b37fd496536284c4698e72bcfe2ff29476ac184127b0ed855

SHA512
528d1d0ab3a55933d9cd7385f4ab9af15d8bff009411bc92a54085d7b7e1a6e1c0a5526529336f26afa1ad10ef03fc59c086f3fbde32a089dc8a93642cea7af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit