553795cfe1917dd97713c269a08ad13779266480716485593d57e0d75ec062d6

Resubmissions

05/05/2023, 19:21

230505-x24drsgh87 1

05/05/2023, 19:18

05/05/2023, 18:18

05/05/2023, 16:22

05/05/2023, 16:15

Analysis

max time kernel
151s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

login.html
Size

26KB
MD5

7e5cf6762a08294f83a0f55de39172b3
SHA1

a20cb9e9865ee546d0bdb399a8245e79a82ef0b4
SHA256

553795cfe1917dd97713c269a08ad13779266480716485593d57e0d75ec062d6
SHA512

3e5e78014ae703661388403df90ca9f333d1d692eedff6e69a682b09064f81e0faa7fa0b654cafb471e9addb30d44cbc5bc3a5d58fd8c39b56099a2c6f50a753
SSDEEP

384:1V77sGGzK+TpQn7M9cyqy/f2f/Yb6WiZsffGfMfgW3syZj5XCqzGX3f:w+scm2f/Yb6H+3UWgUsyZ98

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3411689543"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31031191"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "390086805"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31031191"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0963208987fd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3411689543"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400e870a987fd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{099D0060-EB8B-11ED-B7D7-6E21A4042E2D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d00000000020000000000106600000001000020000000206b604c90d5bda9120c38c5962344777f1212601af979863650d54651be1f7a000000000e8000000002000020000000c877d759bae34148d724d054fcf401d8563c304f935caa404949c850de37900d2000000030f0854aaf71f3d90630bcd82a4adc4d55eeb9721dc4d4f415d78a27a0758e86400000008f41b188379ca7cdc80b894b10c6b79b7d4c335d2cc329fb78cfe007d879db1be56642215c950ae7f356a1e4aa6470fb0406fec9eb741b947739ebdaf8423cb8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d0000000002000000000010660000000100002000000065f5d51a1ac92f2223533a77ed7a013fb3a8a88ae638714bd2733562abe02b6f000000000e8000000002000020000000aeb46f042448f0579a7325fc74d11ece603231738ba46cd0449d2fbb468eb0d92000000095a8036b685f624a195f3185cbd2c92e973f53e42e0d7ba8908ff8e5b4a1b59e40000000f9310088e0ba43ba6f8a41c2d04dd6a90e2ff4c3472bcf200924cde3fbb15d3bae5fddacbd97736f61cc9bc3cbe434443e451e3be5431efa1c213952112d95ab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	944	chrome.exe
Token: SeCreatePagefilePrivilege	944	chrome.exe
Token: SeShutdownPrivilege	1332	chrome.exe
Token: SeCreatePagefilePrivilege	1332	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4832	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4832	iexplore.exe
4832	iexplore.exe
3764	IEXPLORE.EXE
3764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3980	1968	chrome.exe	106
PID 1968 wrote to memory of 3980	1968	chrome.exe	106
PID 944 wrote to memory of 4432	944	chrome.exe	102
PID 4596 wrote to memory of 4776	4596	chrome.exe	104
PID 944 wrote to memory of 4432	944	chrome.exe	102
PID 4596 wrote to memory of 4776	4596	chrome.exe	104
PID 1900 wrote to memory of 1316	1900	chrome.exe	105
PID 1900 wrote to memory of 1316	1900	chrome.exe	105
PID 4684 wrote to memory of 4852	4684	chrome.exe	103
PID 4684 wrote to memory of 4852	4684	chrome.exe	103
PID 1332 wrote to memory of 4052	1332	chrome.exe	107
PID 1332 wrote to memory of 4052	1332	chrome.exe	107
PID 4832 wrote to memory of 3764	4832	iexplore.exe	110
PID 4832 wrote to memory of 3764	4832	iexplore.exe	110
PID 4832 wrote to memory of 3764	4832	iexplore.exe	110
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5816	1900	chrome.exe	119
PID 1900 wrote to memory of 5888	1900	chrome.exe	117
PID 1900 wrote to memory of 5888	1900	chrome.exe	117
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131
PID 1968 wrote to memory of 5912	1968	chrome.exe	131

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\login.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4832 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
1⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
1⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
1⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
1⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1988,i,14002561824981237784,13258736491523780061,131072 /prefetch:2
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1988,i,14002561824981237784,13258736491523780061,131072 /prefetch:8
  2⤵
  PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1880,i,9200743336435256030,16239809493415814195,131072 /prefetch:2
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1880,i,9200743336435256030,16239809493415814195,131072 /prefetch:8
  2⤵
  PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1888,i,12295482718056026997,17870231723980526111,131072 /prefetch:2
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1888,i,12295482718056026997,17870231723980526111,131072 /prefetch:8
  2⤵
  PID:6160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2008,i,18136013603619880905,6718489551174313624,131072 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=2008,i,18136013603619880905,6718489551174313624,131072 /prefetch:2
  2⤵
  PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1924,i,14947194202555377106,7548821561229654078,131072 /prefetch:2
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1924,i,14947194202555377106,7548821561229654078,131072 /prefetch:8
  2⤵
  PID:6100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ff9b9f89758,0x7ff9b9f89768,0x7ff9b9f89778
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1960,i,1511771644778405358,18299366052625486917,131072 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1960,i,1511771644778405358,18299366052625486917,131072 /prefetch:2
  2⤵
  PID:5816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:2
1⤵
PID:5392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2012,i,17011270176348050287,9766575424664610703,131072 /prefetch:8
1⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2012,i,17011270176348050287,9766575424664610703,131072 /prefetch:2
1⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1888,i,12866337799105738327,6867786361012215528,131072 /prefetch:2
1⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=2008,i,6091647784673371536,16182491457914841330,131072 /prefetch:2
1⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1888,i,12866337799105738327,6867786361012215528,131072 /prefetch:8
1⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2008,i,6091647784673371536,16182491457914841330,131072 /prefetch:8
1⤵
PID:5924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:6592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:6600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:6276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=4772 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:6288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:6524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:6496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:6400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:6468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:6928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2368 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5520 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:6824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=1644 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2300 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:1
1⤵
PID:6776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:7004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5576 --field-trial-handle=1832,i,6743801678075841642,17696102632258945452,131072 /prefetch:8
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\090903bc-b434-4a2c-81f7-f196d7d7975d.tmp

Filesize
71KB

MD5
f581f76f00227cbb47f9ae6d57d6c659

SHA1
79098a9c2cf46b6e313d065c4439a2aa24a1ea69

SHA256
3bfd98e59ac34e39f66bb9d8d4d691d3bc14fda379f0682fe90f87296af4efd8

SHA512
86b2a1bf551570ee843375e187da6d0aaa2a4fe2131dc6520a4727943d49f4eae4a11c71345950bdd2a34e051fa5101ba3e28609eed026d055c24e57f17cc89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0ee688e3-c401-4c4c-9b2b-85fbbfd2f04a.tmp

Filesize
71KB

MD5
906681fc237555f7138367ec1eb0427f

SHA1
70d0eae7bc9bf090f40b19647e173b04612e37cd

SHA256
47c42793b0133d4444c0d8b19beeb8ca2afb0f8242f07b25d5e9837131f049c8

SHA512
f55d95faf39ee9ea1b0559e5bbe96a308b54209f4673ae8fa9c21f66be89c5f3c90ccc3f606fca78f4fdf34f380fabfc779d130c3aa0d5722d3387b959cd226f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7e269927-896b-4913-85a2-1249e92487de.tmp

Filesize
71KB

MD5
12450e0855f9635c47ed1806c471ba8a

SHA1
61eed1447efdeb7e0c8ddb004d851ddc6af334bf

SHA256
c136b83d7ae67dde01219db7549c1850bbd0bdfc8fae1bbdd53d26feea6b0d27

SHA512
5134e35b45e4b1c75bbd5dde20f2001a8e4856d6b68581fa7af7dc55f98a2947998f6812da410577b5efa77f0944794c5c04c8d5cf64a1591362626700aaa3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9894ca17-7ed4-4d6e-bba6-4e4cce54470c.tmp

Filesize
71KB

MD5
ff8eddc0b4223609f21ace3cbfc176c3

SHA1
364868264270917e46ecd4e2953a376763c91123

SHA256
1fca59d771a58a86900d93adbfa4a2947c56a6857f9a858ad8b758a83f4812e1

SHA512
a3e83ce58a38e4649b61421bbf1e68f78d47c61b2b8222438414a854efd31186bbd0b0a50d6f31ff130c32dcfe3dd33da86c7c778cdf72eeb66e709a29d06074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d07d358608e5a216d85974e95a8a125e

SHA1
2f4bfb433acb6b09535a2bc7df46b1b5f435effd

SHA256
dab234de37332cf18e9d264190970bd017d6804f3e7b6ae79a2f6c5ef0b5456f

SHA512
b5f0fbb4e245791058d3f7593e7aac7f64c273217f2943751368d7ae38b7b4a9b92fceadf60ef115cf60c7f17970cb5923836cd12217627a3c7a1abf7bd6dd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
48a766d49aa9d0d5eae08e64d5cd24ae

SHA1
7cbb1b25cb062a41b20b90336f6af62eb3eb564a

SHA256
58dac79353d8a91c16bcd68cb9fb700eee4c3064c4cf605bbd84b2dd61aa4da2

SHA512
f9fcf3f655e731ebc710811c3e3950c6e95ff98127b0db6e7a8b241c2171fffe1c7042f3236e49ed96071f5aab89518daa8263b861f91855e1603a1fe30a7746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f581f76f00227cbb47f9ae6d57d6c659

SHA1
79098a9c2cf46b6e313d065c4439a2aa24a1ea69

SHA256
3bfd98e59ac34e39f66bb9d8d4d691d3bc14fda379f0682fe90f87296af4efd8

SHA512
86b2a1bf551570ee843375e187da6d0aaa2a4fe2131dc6520a4727943d49f4eae4a11c71345950bdd2a34e051fa5101ba3e28609eed026d055c24e57f17cc89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
399002339047394204637018483beb8c

SHA1
5e1de596154f41cb1dfdc702a399b41f9b80b7d9

SHA256
29a170c19224a551b1bf62544eebe17b1ab9ca14bb0a2cec9d0a34daf6e955a4

SHA512
b80f14fdfcad8f527f054cd9f3ca071dd22e0fdb3529abd44fe640956f0dd1bfea3dbcede84004450290ebf71f09738beb7756252946cde7dd7ccef4c84515e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
399002339047394204637018483beb8c

SHA1
5e1de596154f41cb1dfdc702a399b41f9b80b7d9

SHA256
29a170c19224a551b1bf62544eebe17b1ab9ca14bb0a2cec9d0a34daf6e955a4

SHA512
b80f14fdfcad8f527f054cd9f3ca071dd22e0fdb3529abd44fe640956f0dd1bfea3dbcede84004450290ebf71f09738beb7756252946cde7dd7ccef4c84515e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
ff8eddc0b4223609f21ace3cbfc176c3

SHA1
364868264270917e46ecd4e2953a376763c91123

SHA256
1fca59d771a58a86900d93adbfa4a2947c56a6857f9a858ad8b758a83f4812e1

SHA512
a3e83ce58a38e4649b61421bbf1e68f78d47c61b2b8222438414a854efd31186bbd0b0a50d6f31ff130c32dcfe3dd33da86c7c778cdf72eeb66e709a29d06074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f581f76f00227cbb47f9ae6d57d6c659

SHA1
79098a9c2cf46b6e313d065c4439a2aa24a1ea69

SHA256
3bfd98e59ac34e39f66bb9d8d4d691d3bc14fda379f0682fe90f87296af4efd8

SHA512
86b2a1bf551570ee843375e187da6d0aaa2a4fe2131dc6520a4727943d49f4eae4a11c71345950bdd2a34e051fa5101ba3e28609eed026d055c24e57f17cc89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
5cf1c645e7a596c747112280bafcca22

SHA1
cec4c58cbbcd4dd29cf1953490a0d56c15a2d47f

SHA256
616aa0dcd226dc3551421b3dbb72abd2a2ce3d4c7bc307e30422c79d8f7056dc

SHA512
348ced307d485fce204f8fef8d49d29a5b87b8ea9c18cf0275c77a5b7a2212775f1397a3d401d29f444c1d772332eb25e517a43b73c5b71e11849ed9b443f0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
5cf1c645e7a596c747112280bafcca22

SHA1
cec4c58cbbcd4dd29cf1953490a0d56c15a2d47f

SHA256
616aa0dcd226dc3551421b3dbb72abd2a2ce3d4c7bc307e30422c79d8f7056dc

SHA512
348ced307d485fce204f8fef8d49d29a5b87b8ea9c18cf0275c77a5b7a2212775f1397a3d401d29f444c1d772332eb25e517a43b73c5b71e11849ed9b443f0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
399002339047394204637018483beb8c

SHA1
5e1de596154f41cb1dfdc702a399b41f9b80b7d9

SHA256
29a170c19224a551b1bf62544eebe17b1ab9ca14bb0a2cec9d0a34daf6e955a4

SHA512
b80f14fdfcad8f527f054cd9f3ca071dd22e0fdb3529abd44fe640956f0dd1bfea3dbcede84004450290ebf71f09738beb7756252946cde7dd7ccef4c84515e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
ff8eddc0b4223609f21ace3cbfc176c3

SHA1
364868264270917e46ecd4e2953a376763c91123

SHA256
1fca59d771a58a86900d93adbfa4a2947c56a6857f9a858ad8b758a83f4812e1

SHA512
a3e83ce58a38e4649b61421bbf1e68f78d47c61b2b8222438414a854efd31186bbd0b0a50d6f31ff130c32dcfe3dd33da86c7c778cdf72eeb66e709a29d06074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
906681fc237555f7138367ec1eb0427f

SHA1
70d0eae7bc9bf090f40b19647e173b04612e37cd

SHA256
47c42793b0133d4444c0d8b19beeb8ca2afb0f8242f07b25d5e9837131f049c8

SHA512
f55d95faf39ee9ea1b0559e5bbe96a308b54209f4673ae8fa9c21f66be89c5f3c90ccc3f606fca78f4fdf34f380fabfc779d130c3aa0d5722d3387b959cd226f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
cdddc745a8c954dc438c931889999bdb

SHA1
7908f975b6815460caa2bc3438efbd8fc8d36211

SHA256
3dc9043838386f5363ac96a01477cf3163b5118b80191576a11b32ce9894314c

SHA512
3d2d4852aa2ac6cb0b9b6cbca9f04366afd48d362d869be877ef324c16d72ff119b5842891baa2b6b99df2de2db8d3be5c23f0f97f8943bd74195996bcb66a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
cdddc745a8c954dc438c931889999bdb

SHA1
7908f975b6815460caa2bc3438efbd8fc8d36211

SHA256
3dc9043838386f5363ac96a01477cf3163b5118b80191576a11b32ce9894314c

SHA512
3d2d4852aa2ac6cb0b9b6cbca9f04366afd48d362d869be877ef324c16d72ff119b5842891baa2b6b99df2de2db8d3be5c23f0f97f8943bd74195996bcb66a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
cdddc745a8c954dc438c931889999bdb

SHA1
7908f975b6815460caa2bc3438efbd8fc8d36211

SHA256
3dc9043838386f5363ac96a01477cf3163b5118b80191576a11b32ce9894314c

SHA512
3d2d4852aa2ac6cb0b9b6cbca9f04366afd48d362d869be877ef324c16d72ff119b5842891baa2b6b99df2de2db8d3be5c23f0f97f8943bd74195996bcb66a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
67408267ef01ed6b9372f04c029b602a

SHA1
8b7c489754731f399077b899abfe55475ac2abe7

SHA256
b5aa30b0d3e08f80f60effa00fe335d2295fa494b36f33a2e8d8c66e0a34234a

SHA512
c980c28555803b9043f863d21427aba9611bfe49296a8409e4d15759631dea613f40d860d6600dddce2610ab7654a69ffb2abde0867ab2e17b547e34897e1a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit