ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

Resubmissions

29/05/2023, 18:32

230529-w65lysda67 1

29/05/2023, 18:13

230529-wt5fesda26 1

29/05/2023, 18:10

230529-wr9bladd41 1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ColorBug.zip
Size

28KB
MD5

34071c621da9508f92696709d71bb30a
SHA1

5817a14b8da5da5aecd59f5016c2b02fbbe2f631
SHA256

ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd
SHA512

eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45
SSDEEP

384:Z6HvcubW5F4mPGngeY4S8kep2sx1skClNcnK5VYeymm7/rrYC8Feuumu+lZRmdV5:Z6Pcu65SfY4SdsCbWVjOuGR2l

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133298648948913481"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4044	5084	chrome.exe	94
PID 5084 wrote to memory of 4044	5084	chrome.exe	94
PID 4224 wrote to memory of 3692	4224	chrome.exe	95
PID 4224 wrote to memory of 3692	4224	chrome.exe	95
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 4224 wrote to memory of 4148	4224	chrome.exe	97
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98
PID 5084 wrote to memory of 1200	5084	chrome.exe	98

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\ColorBug.zip
1⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd47de9758,0x7ffd47de9768,0x7ffd47de9778
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:2
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4524 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4528 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5348 --field-trial-handle=1808,i,18175771273586570513,6692597332561130085,131072 /prefetch:1
  2⤵
  PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd47de9758,0x7ffd47de9768,0x7ffd47de9778
1⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,17933268389178769436,18093391874542951488,131072 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1784,i,17933268389178769436,18093391874542951488,131072 /prefetch:8
  2⤵
  PID:1256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
fc682f43f368a4f463f0b97267da5d96

SHA1
b9424c80d9f128e5550579c5ccb1f0ce005a2e19

SHA256
b024c5bfb12d50e4f6624db22e85064f86f44d8c5ba32ff3bc7788d7e3f3fe22

SHA512
645010757ddeacc5b1766c2b6dbe7f515c94e074f03920372a254bccc6d6b453153b0f1219253d36ecebcad5a307f399ea8ab9c6fc784f99ad8563b65fce4d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2e6c82fcd63325eea30c410954312c39

SHA1
2957a1085601a10e618708b17eea0232e295ab51

SHA256
a317abbfd6fa1625da85c1f7d4b8649feed43fafb7934a94508efa5871abd8ad

SHA512
dfbb7d05d51df2b9e5d846b9bf81f0a097a20feb29147ea87e54f4c113b808692144f31f1f49f12c24aa3c5f1297f97327cb5e85235f4df1cedb99bfde1135d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
973813fbe4e5165e024c1f751438f9e3

SHA1
3f39c8b64831671358944a0219262945694872f6

SHA256
85c8f68ea53806dfa8b96d34dc3b071be693e3b1ed04b9e43bb637109669c438

SHA512
4513fe4212a5077893687f9d614080ce5027bff971ea5772303a2614e7150a12d4d22a4c45b70be26637ee74532baa340034ef82df6d93df29dd2aeedb2e9593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a1b5544de69d20ea4fa481c5344fe0ae

SHA1
2304fb9079a33abc03948fd298d418eb1d541694

SHA256
45736fac70c69cd08257b67fef3fa74b14778b0932db803a87f43fdf4842ab97

SHA512
f91a557cb1d4c9eae3ce94eb36df01a3a540ff86e63e4d2145555a9cf27e62b84529a9acba9140b83e6f7c24bb53ed749557c0fa9439fb4b16989d03d56ec812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c20424654e5ab3a0599de2ce643ed34b

SHA1
9ee7b965a4768cd7651ac2e7c018ac05bfb8cb6c

SHA256
0cf658bbf33e804619548a34680a193b2bd178bd93d141b0358393443177a5e9

SHA512
9763d1e85a77d0086d595a234c64b429e681eccac1eca6aca17b42dbed3d06a94cb2607ea572ca6152d3f64cabf8e8e9d45149d282aaff4f6519dfd19119c855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
051f322ac089fcb931b6277c43c4a3b7

SHA1
b29201f9dfd0a6c913881336e6e87307a74d051e

SHA256
2fcd0118a3380928462be8a7b529e94eacca68c18e3150928b9494894878a221

SHA512
fee5c9c1309730c5214b8ba35f221c4906b7ba4852f9330f7f35cf07bd2e58fe99c0be765d332083f39739dc36a9d3adae4ec7c2ac3c4691674a2c217e94fba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0d4574e9ee06b22b8bf22073fdf35b4d

SHA1
bf16ecf46ab5402db647e9b1fd4cec3b9cdafefb

SHA256
82ee63214573d29532891e64a485f584abca35f2bdf5c6563dc3bac90ff645c9

SHA512
6a4cc86620a335ebf9daca5ee416c08b4090f654ef53b9a8ba6819b1a951105bf0a65ed4b85704db4afa94b080ae47ad19e188b5c378f9b15ab8178947217c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
4803e2e38f7f1d2cbe954d6853294562

SHA1
f5f54b564c96b115d35330f941106f745bd72082

SHA256
ee14b097db25f90469713dca5d0979d7cb3d2e3e24434a168b5bf43ce5cae872

SHA512
46d0509598d7902f1361730b8358515f15d7de5760d9f91c459b288a047074efd183b5991a2f59ddbee07128355d58cefc7dacd8e0a5956b635b12180971eca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
4803e2e38f7f1d2cbe954d6853294562

SHA1
f5f54b564c96b115d35330f941106f745bd72082

SHA256
ee14b097db25f90469713dca5d0979d7cb3d2e3e24434a168b5bf43ce5cae872

SHA512
46d0509598d7902f1361730b8358515f15d7de5760d9f91c459b288a047074efd183b5991a2f59ddbee07128355d58cefc7dacd8e0a5956b635b12180971eca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
2f6ce010517c32c4dc27e0d0fb34356d

SHA1
cddd067dea26f9b2140dbdf68f483663794308ac

SHA256
cc1319e005cc99be938449569a2cb10016eb84764a875fb11fe197f7c20087c0

SHA512
c617f5428e12602e970b04981c529087b667b3433d03e28dab906ae9ae66132f0ef6f223a499416b2b05ef78153ac915df4bea8a425dc60ce9c8cc0be1bacdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit