hxxp://137[.]184[.]63[.]14/u[.]php

Analysis

max time kernel
84s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2023 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://137.184.63.14/u.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133322863846739150"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeCreatePagefilePrivilege	1760	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1620	1760	chrome.exe	85
PID 1760 wrote to memory of 1620	1760	chrome.exe	85
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 1572	1760	chrome.exe	86
PID 1760 wrote to memory of 224	1760	chrome.exe	87
PID 1760 wrote to memory of 224	1760	chrome.exe	87
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88
PID 1760 wrote to memory of 1448	1760	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://137.184.63.14/u.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe302a9758,0x7ffe302a9768,0x7ffe302a9778
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4804 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3460 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3296 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5644 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5748 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4936 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3488 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4448 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4904 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5840 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3372 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2848 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4856 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6248 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6212 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6460 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5152 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6416 --field-trial-handle=1784,i,16409665060543816084,10219353525595912147,131072 /prefetch:1
  2⤵
  PID:4804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
55KB

MD5
ef42b7671c63590e0fa913b30318cf60

SHA1
881d5b4b3c7e3a51895b809aa386632fac6d4fb8

SHA256
58f2c5af3b669ee548b8a0b9a42538535a27a5d19d97191135b40b5f4070501e

SHA512
66ead8bf1dac625a2f18a07e15c2afe695b96c3dcfdfca16c32cee9cff9544e6016e0f788256402eaeaebad7b57471b8c3c1a299cb6c4f7965476e88d75cd99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
102KB

MD5
bc51ba8cf4962444e06703c6226500ca

SHA1
1ce077b1c9bb23af0e31bbb0ddee0c77681eacd7

SHA256
b7081823f9b15d1606161a4e5bfe698f5a34c64fa04473faf3d12bcf9c8017aa

SHA512
04095a02383937743d251e8447f7fce1b4e5a66b1612bcff644f3ee08e948803ff0a3350f383c6223c7fad2d1cd9956bc720fac786665c2d84a6433857d8c913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
62KB

MD5
adb7ad8d206f2422339c009a74cbdbfe

SHA1
64571e93982888f024cfa443ebcd3cfd2b59348a

SHA256
be6ab81f9cde6772800fa88c236fe834d5b7376b9ceae55ced251e85d1ac6be1

SHA512
f37ebb6ecf54820664afa63647616280ac5c65ee350206c9d5de3c1b382515e26a494829e61fe074c269224be5cf602cfd1ef09adc6e5be5ac7190a6cab7c106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
22KB

MD5
e5bd0613187a45fb69aca2d431f7e8dd

SHA1
e2b3970dd7d5206d4dbc6db293684b385320fa28

SHA256
fb07d5a7831fe4fd543c260ee000e6151892f24f64b50e11ca91d0163fdc3017

SHA512
0d0b6d1b71287888c9c0f683d25af2503885cd28a0970b48c9619327aae9b0b4a7d7e550c97ee2d3efa38cbe01566544acd54902329c378c1bdd4013f6a2803f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08ab0bdd78935027_0

Filesize
209B

MD5
f2aed78c736614e73dda071460bfc522

SHA1
03595d6c93d44d8a7c3409dd7cfc5ebda39b628d

SHA256
63697d09ef1a1089726a3e420f37271c01025fe2c19855647421ee0f49617b81

SHA512
fffdc85a8ee6bcf775a42e89bb2bed4444274bdceb0efc40fa3d574f2bbeb1c17a29bd936813c5c5f5e72ed5e257bd7f20ff9af690ec94f2835e48f875b754f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d84f2122fd047ad_0

Filesize
45KB

MD5
6126cf02467868fb04eb1b0cbb1fbaf0

SHA1
e3302a580cb94214bbb3a6f70ec4dc869869b75f

SHA256
948f2328db1dc9e7511aa6e7d80552cab37361de652250e70dd769ea300cb9b0

SHA512
f439b5c823e0081dc02b203d3c40cd197cb297c2b83ee073ebd3db3b4acf4a789dac6c86a97da6193b6a074331e3f7738a427d36dd9f6ebfc93655e0350033f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5b99fbb537a97b30_0

Filesize
303B

MD5
d924e22282a3516ba5ebf2c05b8a7b04

SHA1
90a731ce2285c2faffdb99ab34f19700e2337f48

SHA256
9be7f77c4697bde4f6fa7251f1a49d93121306b19e769cbd898896cc5ce30bc7

SHA512
59965fd9dab0b4a2262b51f75272a82934c88677ddedb9be2c7ab13f653443fc501b540871570349785d868bdae4f5572d7bbd058b004b68c30b7a7fe88c3a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7fcdb34342a97ac4_0

Filesize
38KB

MD5
4cb452b31b16a0b083a3ad2e5da37499

SHA1
8eb835af58bcff574acf554f3aa697bbfac3ef69

SHA256
2c90533f5d453e92eac85b7db5fad27dc2af6ab02d7f73f5486b0597144d1d0c

SHA512
9e51326f1ca9af8c60de7994bbab5e5e2a67aaca26c547b3e4ca265c556260785645353a44f33b49f39943dfe7e2de5c94c8f5d2c709f5023138023b788f95ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a0e02e444dce9221_0

Filesize
198B

MD5
8f12eb4873cb6e1f83b55719e4f5c6ab

SHA1
73d46dba949c1ac2724218f815e7296b0f29f2d4

SHA256
922c46d672baa26334c1c79c9867d43ad39d94b829011a476b2a0c110c23d08e

SHA512
2d91410d28bed3a44e9a43b9b3578c3b0d40a622b6ae3013c82761820043c8692806c0b1d9c67ee8123f538cb767681d036f37445ecbf750dbb3b90277f23958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a0e02e444dce9221_0

Filesize
13KB

MD5
a6c75c4f5fb7d9ce9f47ebf3ce6bf8e7

SHA1
0dcb0fc363d0eefa7fff720684a15f6bc63e24d3

SHA256
570b40cf6eae244af20862a3a6b90d748182889499246dce7b56cb3c629cee2e

SHA512
8b1ca80ca9db721e022c499c8b470a366ea71827eb24fe4c6fb0be85e9e9f72e0641e1cf21a92a3ecc00e30905d5197c1b7ef3fa7e51a7a1cb882d8b76159f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c244f9fa092c9738_0

Filesize
784KB

MD5
302f1638bd4084791d89c9ba7d6f7b18

SHA1
64c1cce2186f0002ed9e958faea672e203518ffc

SHA256
2cc46921d563ed958b5fe10805adc8849fbbf0f64c3e6df61f956400be8ff07c

SHA512
b9687d1ad4987d7baf45c969e8a9f94d69d93f98c89446c6a8ea9abe9d40746da2fc9559b86b6bc9ece64ec3bca5e9c84f3eeb43bcb017303729bb7b43d7a338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6b3254f5eb9b329_0

Filesize
209B

MD5
4fd84c71ed6c9e583ce1141309bbb6ec

SHA1
6acf1523a98678d298881ca4d0ed1a60fe56c0e1

SHA256
de6d1fa983b14acfb92af00baff2af6431582c0ca5bfba57e9fe97e2b88abed9

SHA512
44325122cf457e16025a0e3185975e50cb5fb024ef341c5b61323769e3a034ca6365b166eab489c2e783f0190d3fc0359b85f51fe90dd273df860a38a4daf68b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6b3254f5eb9b329_0

Filesize
257B

MD5
e21ede4494f48ec70e00c9998a2e526d

SHA1
75a20f4a365b2e1725e8006cd530fafc7ebbb4d8

SHA256
a6834e6747cef80faea8ecf92d6c3a4109344be95e03f0306b6cd091fb9782c4

SHA512
bce0ae0a2e599713e018b566081877fa534c69b1d3a0427ea6cd8b0c5561f427ae79fe314fbe732be9011b427118f1ae642f5d0e4b205f1fe2a105a8a6f3c0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5923f5c56a68063_0

Filesize
209B

MD5
089e08db8650c089811fc41eddc1faff

SHA1
b33d141ac361f986cc0474c7420f5e1ca4fecb10

SHA256
e5851da183daccb361cbc3180706e0b61ec649531c9925685d03f4d9588de788

SHA512
128d518699cf34d2a90acf815457078693f442e90f7939ca53d1fc6ae9d9ec2f4c5716a3f8b0ed404e2af7b72895ad9a0ce3964ed09219e82fd827fbf7f25b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5923f5c56a68063_0

Filesize
257B

MD5
7a604977cd270bf59de1af8d2a3ba368

SHA1
b6893ee58ecaf573bd919097997a16e3f88b86e2

SHA256
3551401e5cc66e918f67de49a303e2208f1cbac9e94bdd116450d421dd7dd364

SHA512
0e6d7bf1a85e9dff362ac835e3a76f560eecc07c84036511c6046d30034fd633ff77cb5409a9684cc2b1e30c99e1955f2c1e2fda3d3249f5fb7f1be7a85c855c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
63ab4d6d3007d39757119c7da987d436

SHA1
1046fc9ea0a0ae86e500b90f90d9b726a79dc8bd

SHA256
5a541b15472417efd6c04bc914b4d7485a66a84d660f91eef7a3c5d0e102348b

SHA512
8638a576d28f4da233a7f43cfa30fe1bb227c9d44190efa9de30fd17efd9d8f83e43e7edac7cb08d97b8371c065df372a18cacc1d69cc5d4e397020cec13ae91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4ef2305efeee0a9f52c286694c6c0bb6

SHA1
84bd8b97f99688568009d99c45796193f271fe05

SHA256
b6cf0adb81fc0451d3de9e9b8f926962686de96e633ff39d57e02dc65483810a

SHA512
b9c2762a6048ae0de3a1bec8e9988527ffd0b523c09f1919d4eba44ac75be554d11f076f82d1edd1043622ff91be355e869360c5e36cca55b1c45ede806694f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31feea10c7c1a49123184299e8e042c2

SHA1
b16804722beaffd4c1cb3af0651e34ce13572d3f

SHA256
0846984098908fbf7b6ad28852d9b1f2d9660ec75af0552bcfb80031bde2c9b6

SHA512
0dce7b680d5dce4dcf3268d9d6dad0b91276edf6d33eac08a6509115872654fe20169d10d5b76061a1e9b53feee721310411a5714a251c3501c94f546b8b5233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee60a887b4d349fc85d22d1c74bbeb0d

SHA1
5bf8199a453a121953d5260a76807811f41249bd

SHA256
44963a6022c4d3d3e9be1f36457a64766a353d067b52ed7d10fe83fbdf3cb216

SHA512
ca0b7f47a6bf4cb2d1ab36fdd549393f53d567fd95e217cc163e2fa03bdb24a53ceaeea997daf7210a0a2b6fce90195ce4be4c664bec954018faf82f286b1337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99282f7253803fae4d0f2408c10c251f

SHA1
daa3b08d162e2287f96288c9b5153b378c11d654

SHA256
f7b31ebba9e52252d5c9157f51e6febffdfd3368ae0ca341ab6a7947d02401e7

SHA512
4f01e9427571495a1e97c7e8b33deb518a64c29f31ec9291236be41732431acd9aa2ad135dccfe85c858fdfef1556fe1705fc643ed6828eafa3eedf5c8f73f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b167316965e0196dfb396fad3ddb563b

SHA1
67058fc682073bf7c9fd257fda011e62d2d46a0e

SHA256
1d51f01cfa621d9252a878441b433a25ccc08779899b89259d18803ed7fba80d

SHA512
e03bda7737e403cb20a508fca3713fd1ef2fe0b4d7f557efbc19c4371302f0657c243131be803f398c856beee3217de4121e244991e401486a254b605b72ff8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
253d18d4cc00cedb1d6a951ac61543cd

SHA1
803a59aeb97e310951d89d9687f9feb4ebb76033

SHA256
f26d614295cfc2a29652a8dc84342450d7c0e5a979378655c792cc9d68ffe0fe

SHA512
2ec3cc313f3759e8bc7fc2fa4b9b1e130577a16c8bd99f7da75db8dc2ed2891bd4b04d7db853162b257d24ad57e15364c0490f8a6b0663131e9a578771032a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe8bd97e2e1c0f065ff8e6d56fba3004

SHA1
56b978e2a4e1cbf117b45b2dc96b88ff78d33448

SHA256
12f612831555f7e61c00b10ea33bce67e5ecfe01f7e57e6289f98b6a0c9deee6

SHA512
cbf3f4ac63347153067545d97f6119ebf41236b56c2cfa9f38c836f0a0d9e2974b817a9d05a4fec7fad9cfdcec6e5d80b700ab937162983ab8a0925ddf4a55aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d78000b1acbba8cb3b9b13bca42bfd77

SHA1
eed83a045fba75df840181f041cae946677f1923

SHA256
d6287186e0c9a7b4c123b7ba09d5a03e09bcab96c177699146ce1746249aa6ce

SHA512
ab6d9d5407ae35e0e18536b97b8c4b92fe481617aeb86f27ee5f82178b7138e729b894bce5170dbe8d202307ee594f480cd1f8914d8ecba8233dc472f1a42e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
13c3f476feca11f3dd6d456ad9c25e77

SHA1
9940194ced43af6170bdcea7d29c242284152a0b

SHA256
5b31683703b334fac847e8991d9ab71d81fe3c97cc76b0d2107d008a3189dc27

SHA512
26ef235236a6ccb683ae9128487f9338921001b008b6c3b7aef99b09722f2f8d7551b53a00cd3d513d94dd6d3f77fe4c286fc5492593ce2d6f492748c3414cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
430e2b537716d460065ea11b09724baa

SHA1
7d97e118f8fe61102863752c258cd95628bf7fff

SHA256
474bf03b7b27cdec42677886c4e08d94a4e3b88b90862e342b1f939b5d73d9d2

SHA512
9e66e5ca6e656082d16b0d69d5a8cca504305c9c7757ac3d8a073edb0ab9d3b8b8e8e4010facb4bef276967ed92cbe757ecf9b4d191319001277d1569ab20051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a3eb1555-e0d7-4357-a54b-a650d2e82223.tmp

Filesize
174KB

MD5
12d2f2662da4f64989375c2df365646a

SHA1
0060fe02355f5714c755524e43235a888e3fa051

SHA256
913bae82a9dd45905a73913a9fca716f4089954cc86d2c9834cb08cb4ab68eab

SHA512
f86a7f32845c0220ea5fb49033bc1ff8eab22af32c8dc9186914abafe3d8b725604fde7f80fc5a921e32a029cb98c72f0308119c18f1d7d4152db8a872a9edab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit