hxxps://discordapp[.]com/api/download/ptb?platform=win

Resubmissions

09-05-2023 22:18

230509-18dngagc31 8

09-05-2023 22:16

09-05-2023 16:52

09-05-2023 15:10

09-05-2023 15:08

09-05-2023 14:48

17-04-2023 00:08

Analysis

max time kernel
82s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discordapp.com/api/download/ptb?platform=win

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133281258940067319"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 3808	3328	chrome.exe	88
PID 3328 wrote to memory of 3808	3328	chrome.exe	88
PID 3192 wrote to memory of 2180	3192	chrome.exe	86
PID 3192 wrote to memory of 2180	3192	chrome.exe	86
PID 5100 wrote to memory of 208	5100	chrome.exe	87
PID 5100 wrote to memory of 208	5100	chrome.exe	87
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 5100 wrote to memory of 4672	5100	chrome.exe	90
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 3192 wrote to memory of 3952	3192	chrome.exe	91
PID 5100 wrote to memory of 4672	5100	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffe6feb9758,0x7ffe6feb9768,0x7ffe6feb9778
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1920,i,5146857525623735276,3296132142990081383,131072 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1920,i,5146857525623735276,3296132142990081383,131072 /prefetch:8
  2⤵
  PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe6feb9758,0x7ffe6feb9768,0x7ffe6feb9778
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1940,i,2988946117769527647,15078759405660586992,131072 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1940,i,2988946117769527647,15078759405660586992,131072 /prefetch:8
  2⤵
  PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://discordapp.com/api/download/ptb?platform=win
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe6feb9758,0x7ffe6feb9768,0x7ffe6feb9778
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3344 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3960 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5156 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5092 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5032 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6084 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1924,i,15608010552791032178,8958695980841805028,131072 /prefetch:8
  2⤵
  PID:1920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
a0be6f96f3358e23679c5e0a8a6d315e

SHA1
93dd2e61b0a60f904e9cc9bc4728c4423dc4ca85

SHA256
3670071e55924e32281834a211d3f32555922831e49bdd79d22b0e21e55de2fb

SHA512
a19e66dd7d1299ee28e7ac6904cce4e5bbcddf61a3cc5d0f8048ba722533793a910cd8b9581d8cbc85c0dfb89548e694ccec6e460021f754e88450070b212dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b5b88369856a875d94fc4aa972b1f82e

SHA1
7c1fe49250f2467156d185f7e171b303e587e08d

SHA256
68dcbb9e88e7c6181b94ea0fb920ec0f3457ed48f45052b64ee98c7970fc88ba

SHA512
03df679b13cb52c9c5ff80b81812254b613dd60c5ed2bb75a7ade6625d0c5d3d48acae48db5733de4bdd0a199358d9b6fcd610fb56875ceec4772f26e7067ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
85314239442b514dbd46904df81de38b

SHA1
65ea44ab1f3edb4e5223c0f89fb36b77e760deb9

SHA256
a5e311fe823a8023083562d59ae3e11f50c9232d90fb4b0b2c7cec06f534459e

SHA512
f9e9cf844b22c5429cb40e137464ef91a3854d40ba3ff6960b03aff512a4ab52af0c4f4e9e32abd4b84f482af67a6efb00e19d734b0dc47f5b41050b45500b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6eefb47ee3e82989a3d7278cfe49fdda

SHA1
9439106918cb2ab3a7253acdb3e7cc445e78f165

SHA256
8735c7748af4c3c1088a62e5d608febb41f0464bd45ac957cf48fb9289b9207c

SHA512
8b10d8d6163db3120f34bfaada3aef021161794de51a77d774e27a3d431c4d7d10d90027f777f7d66009c504def0a3ddc9fa42fd607e78d7019e9cb08c8e441a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
30721f37c6f6fba5f4a064e670302deb

SHA1
59ca2fb702cea48a72fa97be0c9a6df2a4c165f7

SHA256
d7171aa95747f8e59fb870458dc516de35d349bf788734b98e11f3ae88d7fd32

SHA512
52579d2954927bba40778d496c36d0e08d9ef06da46f844ad6a92a41a74368c250322d844c8577e0fd3392d20d050d464c4066a2359012dd1efad89c4b4851cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
b8a2ad17d46cb8ced7328123513d3a62

SHA1
c09c06840c8e5e5bfafb447d57e28b70229812f6

SHA256
2eee1df0973084d1d71534db7d7cf90ca6b975d71a8936c98d758a67f9c0c4af

SHA512
248eea6b333b74bbfd19943e02a4d57523b016e9ddc48a9567cd5c71932b0d4e1e3122a0c6ff0932ff4901ed03d26f059920f7fd8e262aeb23fa78a3e3d0a6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
b8a2ad17d46cb8ced7328123513d3a62

SHA1
c09c06840c8e5e5bfafb447d57e28b70229812f6

SHA256
2eee1df0973084d1d71534db7d7cf90ca6b975d71a8936c98d758a67f9c0c4af

SHA512
248eea6b333b74bbfd19943e02a4d57523b016e9ddc48a9567cd5c71932b0d4e1e3122a0c6ff0932ff4901ed03d26f059920f7fd8e262aeb23fa78a3e3d0a6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
a8fe5f2a91c4e1383918e68be0aab4d3

SHA1
a45138a00edcc105fe13158664849e76e2b4e077

SHA256
2002952b057ce4d421080313a559b15167a0d6632b0b649024b1d23b8f4e6a85

SHA512
d605a97a1d19077aaf2dd7ffe749b9536f4f1e1b623aed6c2791949aba85b9036268e0fd0354f4b9554644901cd485fef0cde1fba6198da422640f950cd58583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
eabcfaabff63b978ed7962a70e26bf01

SHA1
9bc2d899b805cbc4dd2c5f0331633f0c3bd7b25e

SHA256
11ed08a5f5d5b722cd84be65accc10fd42805def1d182691ecd1274966e5e02a

SHA512
ba1b12618cc89b816f21f0126f6db421f2ae882d94f6c3b4093158828b3e1defb8d91e3fce952ec9d947525d9d8ea52d2fce2a5e99cb1ab2d3ae24c724811628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
b8a2ad17d46cb8ced7328123513d3a62

SHA1
c09c06840c8e5e5bfafb447d57e28b70229812f6

SHA256
2eee1df0973084d1d71534db7d7cf90ca6b975d71a8936c98d758a67f9c0c4af

SHA512
248eea6b333b74bbfd19943e02a4d57523b016e9ddc48a9567cd5c71932b0d4e1e3122a0c6ff0932ff4901ed03d26f059920f7fd8e262aeb23fa78a3e3d0a6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
0171665d7d139d962e41554aa9fd4bad

SHA1
55290c371187d4cda1ed26f6a532487fe4bc1d26

SHA256
59c05f7d8b3cb56a64ecfd4922cac3064b9c6d52fd201b5d58f3289addf8d927

SHA512
619500a4be2e666a01e3aeeaf4657a805078de905c4e9dfc1fe1298db378f4ec09431c6dc4e001ba2f64cd2f41a2cf7ddfdc3568a025f9437bef65819f4593c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
eabcfaabff63b978ed7962a70e26bf01

SHA1
9bc2d899b805cbc4dd2c5f0331633f0c3bd7b25e

SHA256
11ed08a5f5d5b722cd84be65accc10fd42805def1d182691ecd1274966e5e02a

SHA512
ba1b12618cc89b816f21f0126f6db421f2ae882d94f6c3b4093158828b3e1defb8d91e3fce952ec9d947525d9d8ea52d2fce2a5e99cb1ab2d3ae24c724811628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
eabcfaabff63b978ed7962a70e26bf01

SHA1
9bc2d899b805cbc4dd2c5f0331633f0c3bd7b25e

SHA256
11ed08a5f5d5b722cd84be65accc10fd42805def1d182691ecd1274966e5e02a

SHA512
ba1b12618cc89b816f21f0126f6db421f2ae882d94f6c3b4093158828b3e1defb8d91e3fce952ec9d947525d9d8ea52d2fce2a5e99cb1ab2d3ae24c724811628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit