f4a6ede0d770cd0b61f5ef4c509fd57d191a3c03e21b0a8d8fceb4c14681b482

Analysis

max time kernel
150s
max time network
155s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
07/06/2023, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

veadotube mini/UnityCrashHandler64.exe
Size

1.1MB
MD5

35e38a8a1b74bcdafa07ea2ac9ea9fde
SHA1

a8f2a3ea55948b1db934990e8d53f547f52afaad
SHA256

b680c87a1b3182c420bdbeb2aa17684a7cf9b505a13cc30781955051642869c6
SHA512

4f68bc267a9715ece1048669ca5a98bd0011e85fc795629af006ed6ba588cb0ebb5c7e2e0979d17e1d294d44d362501dc9ed950b78c93455ed8291d36f5bc56e
SSDEEP

12288:j7Ykuv/yAneQI+PmCgakRstNlTZUAfWNMhTTvfoZxCaFwQfz2fzA3i:Qv/yiHuCgakk34MhTT3Uz3z+zAS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133306244688391841"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
1396	chrome.exe
1396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 2076	4940	chrome.exe	69
PID 4940 wrote to memory of 2076	4940	chrome.exe	69
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1408	4940	chrome.exe	72
PID 4940 wrote to memory of 1460	4940	chrome.exe	71
PID 4940 wrote to memory of 1460	4940	chrome.exe	71
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73
PID 4940 wrote to memory of 2912	4940	chrome.exe	73

C:\Users\Admin\AppData\Local\Temp\veadotube mini\UnityCrashHandler64.exe
"C:\Users\Admin\AppData\Local\Temp\veadotube mini\UnityCrashHandler64.exe"
1⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbdcea9758,0x7ffbdcea9768,0x7ffbdcea9778
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3556 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5080 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3332 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2340 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2688 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3316 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 --field-trial-handle=1864,i,2901007039096097808,176328934724849053,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3628

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
24KB

MD5
2f0ac5544928fb48ea816a57230b6e9d

SHA1
91c76864b72c093e4a4c8c63bd17d069dd4938fb

SHA256
a3c53a98ec495cac84cc65b2a32bf4ac87b0d346cc54722ab25e3131c67a4e59

SHA512
f62476f0919df1753aa22afda9f8d3e08ffa57a5f6e19ca83d98f10db7d1794062cdc605daa6fd34fd74f8451efe8c3bfb8c254944a6b00beb2e221d64458183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
16KB

MD5
b836d2ed76fe1bd9b79ca1f1cc39214d

SHA1
6ac226a2d0673f3ed931a7217442e70a01d0b231

SHA256
d7b004c8d1e652b1842dab8c0c30bcd19b2e3a44f120abc72d22d13d7786d94b

SHA512
05632c6a4d6f362089bb9664452c7a358ae1388cb4e9a71be12a9f78f1dafe05c8b7da19a8c6061232246c127a9959b8b21f555db00580a9a011bcb0a17103ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
16KB

MD5
f6160ed6d1da938b0c39cb731eafa1b1

SHA1
d9273b93cd68afdc97d65df752accec048b316bb

SHA256
5f36d3add46f6a425f70f833b75be801d705199e7dbfdb11e4de9a935082a1c4

SHA512
7220331f503b9f8fb70af3efb47b6b0a5298f53bd9c63eb1e1cefa55586b03f257d2ce80aa72e789efcf1db1d74204bc91155d560a7417ac2ba4e69baebf4861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
bfbd31ccca6689360aa16e8e3802200f

SHA1
2147edfe1488018e247aed91482f66d4275c309e

SHA256
010cff7d6c2f5ae391e66fac10000f37c1659c5e4c3ab4650190d439a9389804

SHA512
a35cbaa68232eaa6dda40b3e71c8082ff1fa151b9b42ccc5678cf13eeb5a888db967356389ca60089e0146eaecb32a061c11356fd0354e60ae1271e884aa381d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
73c9d814ff3d9efb0fef5f28587b9dd7

SHA1
53eb41509f8c20b36524a042dd9a7fc7e2f3f062

SHA256
94e6425c47d65d6176a1334375838d51f292776913fae7a86e4bcaa764f7d889

SHA512
9f923ed96a1a647538296d832ce4178580dc8b656f9703df6cc205efc7f9e2898b6a880f64ee693f1ee22bf3990d050c231a748895ccad849b479aec59f51822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de866babce5bb169770b1fd816451feb

SHA1
676843e6fc30bd4ea643989e29a89ba51207ea34

SHA256
494e99819fe8b875db6fcbd38f6ad3d7d102d71949cfabf9bc1f3beb674c4bc9

SHA512
ff895db0822cf32d329ab5fedab3288954d5a0d77cc75402b63a8bcd1441d513821316a9873fbea36189996259ba99a7e246bfc2a21cfbb9374d120f38335b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e850e767dcfaab2d8ad239d9c6e75a66

SHA1
9d74c8c4b9d95797b92fe66c81e543cc9f5e8082

SHA256
12d09f69e7246a290632ec7668a433aacec430118761b8aafd0c0ae9897117d0

SHA512
49ff4f84a5931195380ebb52f0e547d8e36542cd312a6ad03407991f50330da196919d4b376c16cccdd4b26e3dd4859685134fafa57ec9b4514b896830120265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
62a72a9312919d0f76c533b0cdec7eed

SHA1
8a6d2aad5cd395b5229a0ea2cf9a05d02b2e1892

SHA256
c26e6c467d899799bd419b15ee173f39617641bf253134b38fc4a0e54ed6b699

SHA512
ace2baed8ddaeeb4a52c04fefa18deccfc49a97b52a7f3f53eee3879c31b2b547458d4b0d5f923134a761bfa663a7e52352d4b729719eb9775ee8af29deaaf73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a2df6b12373b61236726f8271e972985

SHA1
11df1b77b11e22bcfd8f592c5741153149e5a5b6

SHA256
8254f00c79754469d798eda9bff05f16be8d0b9b3bd9952467fe50e2d445b0ca

SHA512
321bb6232c517b1dd4859a7a22cb8f4564a4eab7e34d55adc1bc20fb4469fc1ccd20ca2bb1cc3120c2ce0c7982a14af41cd25832a357eb2378b2a6bf4708519a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cc46cc10de5a577bec6603c24005f0d3

SHA1
dd010d9eb48f65254115f9d5f72a9399c23f64fd

SHA256
fbec50ab8544b550a9b41db29d331452f9c1278b2c390d77002fe22014fa2f77

SHA512
8fc777039fd021c56e0aba933807dc145298f4085940b45895bd9e241501734ceeed6788ce1d9c88e0708f1e75ae19276400312ae5725cfe5951e2a2d108d8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0b0a9d95abfaa4c7a9383907d4eadd45

SHA1
35285e22d9cbab3ce932b58dc256b5370d7827fb

SHA256
22f45fe0afd724aeb7cb794aa3fe2d453f562b17794293211c4dfbc09c35e539

SHA512
2f5242ba1b673759a44bbd68fc32db0b78660d1bcc364eca778b1e0c4bb7f05cea91319ed111a23d6f75a2b053ff27a2d08f987c37ae4044407b82bdbb8f9160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
820a4dc847761f37ec87ad950f87068a

SHA1
fb1153884eaff343cf097cd70bc8f48a415f20ee

SHA256
6b4d2bb384dd69369ce4ff72cc7fc83e59dad0031cfc213378b1c241a7791c3e

SHA512
79e986b4db1ec55173370182a4ba61e98de78f7b338b00d2027facd6e782e69b7060a5ced07443fb65d1ee593a2c15ab666b1a563a1fa050a6a3fd60410cb335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a36282bb9413819a0947a246a24a8a5b

SHA1
6fcbe12208b5f4cf9442350aa24dc70f26004e8a

SHA256
c4cdc1b440f21aae0b9230043434ee8eb93af1f38e3d5b122f9c228f3c9e75cc

SHA512
a485e430bbf671953118ed10f1659b318f6dbaee2513d5ad31c431df06d1828d654afbf4c77bea09af46df28899e9cecd088fc35ebbe82157e9ce2c94ae78d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
37d20398b8205acb43e6169060ab496d

SHA1
f72e0382eee571193f250d1151b249fb22533c96

SHA256
2489a44570b9fc82086356cb30a767de0783da32c08384c4870e5efc82810e73

SHA512
3fd07ae7f9f12b3dd4b7ee6055b8c69dedff2b9727f99cdf47df9cc0f50dc65c3f64b05b30c03fa5e81636c5a4f51d0f0b64d16c6e4101a99af53ca797a65f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e81895013d8d52501f0394bf49b1ff66

SHA1
ebd5d996c00b13af2c69dd722d623eb5af106a0a

SHA256
e7f44316ddd7cc452040f2f50ef6e789f8e88d7de1e969872902165fe34f331c

SHA512
9b9e91af07a8c78ea4d34a5d547e97ee56ec6d1e3eb74b6e43de0b231afe4c01bca4f4812061045a65249644eff9dd23c911ab5559ec7d3798662546040f8096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd314bca3976a9a2f9bf9a457a51012e

SHA1
c71ca1b929c14dd721b1f1ae873b22521f1b1b67

SHA256
2538a4e77fee577dd7fb2c88710256b851869dee2d0ae7ef896f0b0edc30f8c6

SHA512
fd1db6baed63058017278be7781f225a92c1867d7533085b12b9371bc670b68075c053cef0172541ccf4a8143076487ae2f7afbe8066d7119d4fa913510df611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca0e89087c79cb24cbb9d7c75be079df

SHA1
a21723ba129b5cabeaafd23dc642c9d15b5d89b9

SHA256
396507dc838d4d1328e9fbc3ed980d0cfefba3bd2c481132d6e94deab96f905a

SHA512
d0423a61431bc27d110c42bd1983971a09f083f6e415475b2b41923950a928bc781f1fb718eacb451e3378135c8d659b76b880ab252ed5eecbd939c5e1960cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
33fdd830b50a8c68093941deed69517b

SHA1
12dc2553ce210ef4d766a61a711e86be81508c92

SHA256
1e3e27383cdcd3ff5c257c438634625b9baf189b808c765aa2b67c903fce6587

SHA512
06c68e521541e5f84f397715cdcfd7a86d87d0f8398c6bcb804792eace051ae02f257e8e8c406bef7354ffc24257f6c45686701c373b4e79d4e30141717fdc87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
ad8b1c92924026109c19eee80b9500b0

SHA1
3e7621f054a44f1609aeb99bde4d95d65ff20c8b

SHA256
6ae8c6b117923079f6997bbdc0e34f17d8dc222028d88dc2ec95c388e743d458

SHA512
171b63a9a23254b5ca2891d38cb41af2351e05b27281ddd49141afba298938c82a10d70959b6bd71c3b36b68d497c5741619f0ca063c0771b4a90e5a20dc9bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
8139cb629323d296bd8f899ad1d929e5

SHA1
3a9cb1f6c7dd4717a6a9ba179a48c48ec374c0dd

SHA256
501dff313da079940d7334506185b97078ef8982a1fd009143cca6873e6f10b9

SHA512
8e4c75cf5ff9990d4fa737f992137a224a59f293a2a3bccb15a8625d2386759cb05e2a010e33b468b5a2c38d96e0e7eb09f734fcfa67b45807212b48b3415cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
acc808baa75f9e236060b14c3ac160e4

SHA1
88f4aa5f598ee8a09a0d05b1864629e06b4f0a7c

SHA256
2c6d2a4499a557c9f79313e44b8cdedc752a8a5afab431f44220a16639ca86fd

SHA512
03913d582dd525d8df386614a3e815a5edbd57a412823d1f1a7fe7ae46cf55747a2e0036b5b458258b452e4aaf2ec3f2f269cc30fc04614cb210482cd8cedd9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5820b2.TMP

Filesize
94KB

MD5
99622407402142ec13e42c6bc599a37a

SHA1
8171f76997eb46e38fd08e052002ff721d1c18a6

SHA256
02a0414fc2dfca57aca94cd7c4c30449eb3ea44c3dcef48c75714090f4182281

SHA512
2eb7e8da9c563f5eee8d428e8f596fbd691b39554ec4868a14719340c6fd70479e424008abb67b321424e9a4c99924960f6c3135308513bd76fbcc791f353d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 530297.crdownload

Filesize
24.1MB

MD5
35431d059197b67227cd12f841733539

SHA1
ae97f1e35c50a3c1b7b231995ad547828e71fe4c

SHA256
296f96cd102250636bcd23ab6e6cf70935337b1bbb3507fe8521d8d9cfaa932f

SHA512
dfc0a9bd4151cbb9407a1234e6c892b65d3db35f1a95684547fc0f5334a9b3d19efe88d5f2661d7b4a372489334098629ffb2c433d4128772c3b021ed259424e

Download Submit