d6f846f512719e16e3bf6098495de7072b34129a1f6282e56d63c28184340a20

Resubmissions

23/05/2023, 08:54

230523-kt4y4sfd9w 3

22/05/2023, 13:17

17/05/2023, 12:00

17/05/2023, 09:03

16/05/2023, 13:11

16/05/2023, 09:34

16/05/2023, 09:04

Analysis

max time kernel
1800s
max time network
1708s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2023, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-04-14 16.11.24.png
Size

104KB
MD5

a64b931dbe302e387d5fde5b084efe7e
SHA1

91d40dba94446a5a08efd5bc7d5588878448de6a
SHA256

d6f846f512719e16e3bf6098495de7072b34129a1f6282e56d63c28184340a20
SHA512

c23f821320850659caa53888072ad36e3eb654ba47018a9ed6dabde10d1576125b1a6e736f22e1f6780c6d43935f7679ecb1fafc0b0afad0de149d4fec8a3329
SSDEEP

3072:vK6uZ3CJCz9T0PHEM61eOBKoMGJHGay83T22:vK6WlRMAKoMjay83TL

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133287105380665319"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 1464	4188	chrome.exe	69
PID 4188 wrote to memory of 1464	4188	chrome.exe	69
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 3040	4188	chrome.exe	72
PID 4188 wrote to memory of 4724	4188	chrome.exe	71
PID 4188 wrote to memory of 4724	4188	chrome.exe	71
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73
PID 4188 wrote to memory of 4056	4188	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-04-14 16.11.24.png"
1⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff871f59758,0x7ff871f59768,0x7ff871f59778
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:2
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3680 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4968 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4984 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5500 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 --field-trial-handle=1744,i,16119565740080258007,384110292072794937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff871f59758,0x7ff871f59768,0x7ff871f59778
  2⤵
  PID:4120

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
139c008cbe62f5bc564e19558ffabf74

SHA1
3eeadddc5e73b9cee1ffd736e5d5e01144287e9c

SHA256
d655a1e1f15591e4a0b3188178ece54f87669db76e15755da382d0981eeed6c3

SHA512
1d94560086e2aa2abd6de54daa469d915048f675128d5ffa340c4ebf4a4b4081300b6c09ec5d468539ce3d36fc51871e1e39792767bfc31b92492e4fd2de2eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
89b575adce795e963a869cb4a8493c36

SHA1
60f60f7a9c23880206f4c667187a64164b90ed4a

SHA256
7e411969605081d67c440fe99ce184cc503002fd01bed953d20e03df512743d5

SHA512
2c0d4bd813b8590e5d6f7a915d6dddbfe915c39bccefbee9015e9d210461a283b6695fa1f6fe53c2e11c3d906cbd6e96517b56ba9e4006c1e93434a696204f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b0930493b2d40e99b7a309d47833b9d2

SHA1
129cedd6efadcdf47ce7b8235e5cc44eb972b051

SHA256
02576f5bca66de300c792f013dd578fa7d8a89159ac7636d74baafec6c662907

SHA512
dce6bc6cc12de6b59b789ef325e0ef0a6de11a107cbbf074cca0d777c1e9aa9bef026a4dd7d3c16cf81135a9d0e861aacbab58b3f1177b9b1bcd50874be61ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a7d86583b72a731762251b724938a706

SHA1
1dc6c90dad2e0bf15599bdcae4632901e429c743

SHA256
d5611bb4429f6149445493334528334bd608d545ba3032b6f5efaed6c42d5930

SHA512
d640cadf48b361d46e772da15c0923b83f73f9bddcf7fa4eee4f1a7ace277dbc489b6552ae86af8cbe1c588619259c8578af785bb0eae612c3436cddd1f6572d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1d19de60d70d7c60e872cee973594bfc

SHA1
60dde84e9661c72b3a1778a186a66a13916b52be

SHA256
acbdf644e89a1bf5e58d961db0624af2304eb0cbd948e677c60c10167f8872bf

SHA512
cf8b1e0ed08f2b75088f507145dd3a49eb1b07aac04d3901d06b9818ec18daf6dd2898a9e76633328eaaecdc29e3327cf14cd5141cfc5542d1dbfc30533fcdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e3b5bc8caf9707b98fc7a81f8c2857a7

SHA1
3179f1964d92aecdfdc8467b850c10fd782ed514

SHA256
04972066fa9112508de7eb2a51785deac3fa9733e7d001a1470be54233a90cf8

SHA512
be2b3aaabf54658678972ffbac5100644ffea914a457f8bb9d688f47b64305f88b10ad861257b0fdcbb4eb64a82935e79c200412106bedda925e433bb6421a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6910144ed022d52db20d6393b504a4fb

SHA1
d77604c6b7aef5bfbdb3510fa332d74657074f55

SHA256
4bfddba32f8680af192f26b18dc8f738f85759715b30cb039ee69328b42059cb

SHA512
29d824190133fc7347a3f97658ff4d2b7d3f8b15bf4efa783ebdbc7311be9adcb62031754894c780a7bfdb2ecd8669812921b6cd2316de30f94deb740624b16d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f9368ea086177b653c45fa29ff1ed52b

SHA1
159f25eb2c3260e2d8b814981d27e48d8587f284

SHA256
dd2787d5bfc3188fdb4f387f504e45f46b4dd9599a2526ef0f1eaa3a47af83e4

SHA512
fdd9a644425fff6ab9e77e14120b44c84236e23cc63c9e3956500128ae3de91b8eb983c60f7f4ac1f4ca478652f64ba4f2b323fc2f38ee26536e922b188e4f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b41a6b3f85e95668ddc8f31079f17093

SHA1
4405ebf2aeae0b74fd8b5c88b639f938e44852f6

SHA256
078a703c7804d7f994f0688843d3cfd6af83065a695677f0dbc1d2a59e3983ab

SHA512
b5ffabfd47ae004c306e847e234d7a1fd10695d7ee6a197c9a85b2b504365996ad0e7eae809bfa4433aceb2d573e1e30aa34ff97160a231cd1721a1040c3ffa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
62cce0b6a50d7f5ee63ea4645dd96806

SHA1
c5ecb080d837422f42b1c76661f63dee42e146ec

SHA256
1d6c233a34f764af2ea8e8445296bedf4e529b91d71d7de4fecba5c6914bac7b

SHA512
66318308bcd181db4ab15f5271b3632f7305d42af46fb6def6b63f9fd6d40e2ac75f07fc08881e01731e91963b4804afbc690f51944a71220d6274812c3b51b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a5de750c35658e1bdf085c9b73a91fd3

SHA1
572c2db8e339d91a369b638b17ce9b774c6af5fa

SHA256
ba1f0d9f71eb2f287a86c92bbb0740cd4887a859520b666f5e4e88501ca700f9

SHA512
c7a0ee057145a534214332633dc6b80e455dcd1a2df2150935c829921e4ed842c53e9b068c98d86dd67e774f0474e5df9ce2ad571f60c941743cafb7c6b3d34a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
1d5c1463ea54053432ac8e5130ba1ae2

SHA1
2144c086e6447440ddf2975ab074190c80f3001b

SHA256
a3b7b3665b78b0442c042df23e82fb10b78044ee46c94cc0f43f5eed3dd9cade

SHA512
b041e48427f26060bb49b8ed08fd2fddbb2acd927d7696788279e497bd4dcc850d9b618d98aae0cedc1f08f803db44f63eb253575b743fd0cd02aeb68bc2f64d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
257ca304f7fc5009dbe32d49e0b7f739

SHA1
0547c3cebc03392b5fd93a4aa2bc8a03bbabceae

SHA256
b89feb99825d7731c4c3394a91f0329a9a21d0b3ca579b61945d6561aaa8d4df

SHA512
06c83236324ed259bf0af3cde882fa1c99943d3fdd5b4707c26c4ed4dbcd89b3819fa19a87dfcc8d39e182752e2b428dd89eded879137543caeb993a50083d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
dbdd60655f795b712d482d5f56b0b4ee

SHA1
b3f34309c9dc4fe0fe703b5f2ea1a55f99459369

SHA256
028e06649de0c3e8a3ed04d3cbea179b8c2e3a4fce8ba48e2625cec74300a09d

SHA512
62b9d29894df45794e3ec49139dc2691580db4c046e10c1c01c1ded7adcdfbcf18c5b47664d5e4099c0def84a2d623632644b28ece53b4b8e6345392f5c0c0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
e52542c3f37d43c93c26514298ffda48

SHA1
2bfcc7b8f0599872526701e8b531138ce97a9691

SHA256
1e13139e234c4f18fa06fe3047e1379bcf5ffd43ca19cd34b984a947a72c21b6

SHA512
e937ed1e42c553184d630c04b4a6ebc0211f4a506444c861d47d3c354cebd195973cbb00c706abbb6f4d6ae9c6caf304c7b02b6981b7b65de8a45558de69c0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
766ef4105392f70d25b7feb797be7cd8

SHA1
975b19b4464bf22458cd26fc8cfce4b20047db93

SHA256
bcd32e1a53737a2b834a219257a4dc0830500fa537390ef33472343a4afa5ebe

SHA512
ea0fd2cd4ef5015635d018f9297f60e71f610e22200b8bdc72ee41debdf3596ad1841a9ece70111c712e123c6587eda55b6f3a1fb8603011e8c11eac439a7c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
85140e16e2fe2808ad6ecc7a3c3516ec

SHA1
d10f21bf13fada2adb427733b122125c4093ad65

SHA256
01588d5b5285efaaa30b89f8fa45d83a5e68d301472ea99641b36428b34c9d8c

SHA512
18a107249aa4ab9185aa87b0c64f98a31690e984b21641762be3515b1268e246029516008432afdd269cb8b3d48c182788ffb4ccbaad7a5340c424df9fa13618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
a4d8ef5f110301852a7c1e3e69fc169d

SHA1
9eb7bcd303886f790bf8253fd7844838b0e05f89

SHA256
e382ea6df427ea9aef19822ddd8cf16960019a43f862177a9de59dc54f63f827

SHA512
665c26585eb2b513432366cb0be7cab31e640b83539ee4208f04797e5a4894e2713a333625b1e7fdc163132c3c8109b1835f08f49ca6298de0208bc1413ed088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bdf182c85a6d3ffd6bc3f6449829102f

SHA1
77d7c65b7fdcceb94a0ecec9d53fa6933ee1e01a

SHA256
88e37c5b9d424ec6946f662098b5103fa525437324780c51007b36e79505543b

SHA512
f0da86f8a871bdcb5c71f3ec9c4350baa2b29c6163b2285485669a6c77d3f04487fbbcc44f3e6572dc6506f34fec4db20a1b73c6548b3892e5f12b8280faa86c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5dd7d542a0a508d8316ab62a2bb8cbd

SHA1
cb7a4e0984ffca5626a60205cfe28bc302fd07bd

SHA256
81f3db2082836d72a7702b98a6fbca1da0b1ae82e8ec92421a7a0fdac9f168fb

SHA512
433aa1fcbe31a2a1565c801fde9507d33349337b864197e689bad9dc352d6a1379ffa0c9556dd08089b6a364ccd7975502dd8bf85be886195523d3cbc3845b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
c4df7092beb4881215f6dddb855c5272

SHA1
d9ce87b498e4f0289aee8942a66abea95776627f

SHA256
5dbf10e24e4897d0af9d9aa9b25e66133751216fb8b7cde9f984c8927599659b

SHA512
0b3c9475becfb4fffa07c21065fff399090969e0ddd972ebfafdba9895339f2edba1c9d9013b0886e99631b542eb31dd939b8ddaadb3ec033058dc8ff53c6fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
aa26b55625d5caa9ac2cdabe0953d478

SHA1
e1af7db33ba98e52956283f1c3e583d80c045c23

SHA256
c5ed467471c95a99f703d821d2c85501744a8cadfebbfb6872ca7e6b1b846c5f

SHA512
1db7e128fb090bec96659da09701349f7274ccf66a8a758eeaba0d1a8399709377cefa52788eb7b579ef40fcd01568f2083cdabc26ddae08272a0b79e5eb0003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b4c9.TMP

Filesize
93KB

MD5
74ef2722aabc78cbb8ab7acdba74ec12

SHA1
4ef7c6e6dc192de2e5c37e673b49c11393662e72

SHA256
b4063090255be227910f44643c637a06c9fa0d6fa753ebc9a2aaf861db9b4aff

SHA512
c5c214d6f8831877c816ca6ca47ccc66e44e807b09d4044a8c86a69ebbef7374c2ea01a280a32e33e056b3ecb16a4e0f8ec8dc7c5757dfb7c512530d37431221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit