hxxp://www[.]gesdoc[.]campofrio[.]es/campofrio/training2023/?training=8bd4f58f70279bfd5e21c405d786af5463e3f4001c11a320289ac0d2021e4567

Analysis

max time kernel
600s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.gesdoc.campofrio.es/campofrio/training2023/?training=8bd4f58f70279bfd5e21c405d786af5463e3f4001c11a320289ac0d2021e4567

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 224	4708	chrome.exe	49
PID 4708 wrote to memory of 224	4708	chrome.exe	49
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 1328	4708	chrome.exe	86
PID 4708 wrote to memory of 4476	4708	chrome.exe	88
PID 4708 wrote to memory of 4476	4708	chrome.exe	88
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87
PID 4708 wrote to memory of 476	4708	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.gesdoc.campofrio.es/campofrio/training2023/?training=8bd4f58f70279bfd5e21c405d786af5463e3f4001c11a320289ac0d2021e4567
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a909758,0x7ffa1a909768,0x7ffa1a909778
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5528 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5508 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3936 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3496 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4848 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5452 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1872 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5456 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5688 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3696 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2556 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4588 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5452 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1100 --field-trial-handle=1896,i,3155756388874097181,3114297407386360126,131072 /prefetch:1
  2⤵
  PID:3000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
d0ed87f63b8660bd339337185abd0d22

SHA1
eab58f2ada552aaaa64115714a53911b808e9960

SHA256
7de61e0e2dc500867def43564fd1e74e44e81659d37017f4a2805de625b0ec0d

SHA512
c8ff5278beb12e44fc2701306a34a2f1330ed9a7d1f7939058bb18061390deb9fb4be3e9261a85b60e671ec6dc34aca53ea12290bb7338441c8d759b9109ddc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e2e7fdb7db9fb5f2634d050e037545ca

SHA1
92fe4a73704e9ac56313f7d93fbc0c8b53393118

SHA256
86bbbb1028bc309b138d7f6b69dfe056423cec7535df97ceb8e1cfae0f17c86e

SHA512
f6117e6982fc9a7b67aa9994686921c5290556f153823ae0401dc7eee2610ce821468f8e78dc009b811cbc6f861657612306f769b453b3cb593cbc93a84cf7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
baf6a35074ecaf483ce4393ae877eca9

SHA1
1e8f4856b6fa601e8e4080cf8d2e1938e4114682

SHA256
797ecd85cc527aa15dce615de189b5d2f363390406d8f88eebe3532ca425ce6c

SHA512
4598b1ceb356f5b4714d8157de41accf1ee9ddccf71891e3a7d57ec095a677ce60db8c2293483b3307e69fb1fa56d6772b5c5d960a6098f3767d94aefe90d99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b1e032cbe6b0173fa2c85a3541ce3e4d

SHA1
22894761fe63b70dc8ef6a8dcee29748b02bf5e1

SHA256
a26ec1b4214b3f327e689189548ebca4407baf9028aa5165ff79c68b6cd6816b

SHA512
9abeffacf5db93d755f0cf58cb93b5848da7cc33314955284f14ddb2c9538efc10df7306135f4e9e2c049f1abd126f9bcbc85e2d5c6f12e7c13d9ce9ca1a2da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
638fae4b407bb0fc8d5e24e85cc17d40

SHA1
b5de51f17df0dec5c0ae25d49849d66f923ac826

SHA256
48500018389761d1942d9dd4845cacc33ca2ce888df9f9c06990cdcb1bbe2810

SHA512
c94e984acde3a7437149b49ba58f587f068c0a7bb77fbc447584e9c55b34d90b3ca946fe1b05dcf815a0310f8a46bad95abb1bbf319ea15d2c66a95346ba75a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a02c2d7407c69db8a50e063c31ea13d

SHA1
52024491bbaec3c8bb7df887c6c4f8e2bf21d885

SHA256
b50175e6485abd8ae460c3b39590536687d437835ae6c21d9b1fa8da04e77c7f

SHA512
c128c9e58d0f66c0d8afc8b9270762b1f0aa6da7f914e78f18f0348c9b173aab277ae05e2e812597f37acf17fff002ba5507d9adf7e7b172f7601598fe492ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0fea86901f16e7583c192b1749974809

SHA1
5cd79aa0cc4616ad5ab176279b1a1c29ef6566e7

SHA256
a781d01f861190cc6e1493ad1764de8ded0fc7460eb8126de89de06952a2d3f5

SHA512
d99e18d6ad9a6a6be286de0f627cf836329aa64229364921c9ad94423d89fb7466a91f9d27aca5c82aa455edd175d660597e20ec8b50bc0f32b3aa103d2fe15a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
fd340e1ab4ab399e865ba6f6c1533cec

SHA1
87b17144977924e9bbf12834388e54dce23a6bda

SHA256
4edf3319f9b8df7f0e104f588634bed66e772e2bbf7a8cc1fcc0a85a66532f07

SHA512
678294c609cf61fa0396fe603b7921159ff028eec8bbc4604e563d94d1c9ce6a830ffa0c69f5bd5b9549c4ce56bfb9b841e99c7c55b8d896ccbd68329fe6cdf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ef24a4d805bdb2a9eada300e570148bd

SHA1
f098886b4b0883df62765f42f520ec59156219ba

SHA256
02e940b323d03f3307cb8fe6ef04f6195b77b2fb13efd0e16a0fcf09598572e1

SHA512
a9b7c36ab38e9b473a73aa6257f5d9f616e8836c5dcdc9ea739c4347e0426662571ca8a222be6d0a122657d239407ee1d0b9faefec5d0f01c719a472d845067e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
20875970f322a404a94b961f724122ee

SHA1
10e2533e648ce3842425701940d99a681d66ae1a

SHA256
6293ccbbbbca4672d96793a2a2d00dcfae537ee93bf0f648dd90c68ab5babe31

SHA512
d1eb3106b2c08f12f77ebede08b1904f892682177c3ad24d9cf4dcde29e3ab159ca47318202691b8d54b30add5f28646bc93cf2ba3e2ae4d60af53f32be1c70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52adb8380713d0edf45bc59dce3465c7

SHA1
c873afde70a221a2a10bd4d7719233be4dffed4f

SHA256
1b46885bb7a4b6066fd0a351a7fde05e4343dc2fd9ce9021a573d632c3065282

SHA512
ea41045a4dbc769f41da08ded31fa7532947d789a979fbd206de4f1fdd78502de86719f782f4c8cd05aca3942ce5384449ca79b077475ce328e1122d43be3ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7af7cda2f4616671b77cdbbd1b5408f1

SHA1
3bc6a43710614091572ec27d0cc671f877a0fabb

SHA256
19e235ad41deb01afb98cc3dbec57213a82b0db8fb770ed2e81e89b77ede86e8

SHA512
883017da628135d43cf790beb327123dc97692022e0ffa55051f087fad1e8acbe24d99f8ae2bf4278df7be28e9dcbd075c130b7853af8d1155c870ca1f0a0175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
3bf0af99c4170c0f184c6e11dcd7633f

SHA1
3066cf8048265fb45c46e548d881b9141409176e

SHA256
573b04958315e3f63664d23bf6eb451c2609d282b2853ffa0dbc61089034b0da

SHA512
a7c4f1738a5710a4c59ad9c3c4880deae0f08d0c719b8a8643959ef8fd54c82ef749b3e56244efd5f52e5b98a549d3b83600c51f5ecbe4cb6171fd92d91d4459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
afccb8c07c0bac3ec123a0affadcfa09

SHA1
02a103c470c5a38d624186bdc11782697d947690

SHA256
1ccf3db3893ca01fe1aff456584480d3f688846a5d77f380c0ae1b5377b2dcc2

SHA512
0094d5ecb6ebbc08285ddce5e943f5b6b238a408144c28a196abe238d3d05f987ab8c915457c35102255e9420d1350bf9fb053a554e8eb357c119f0519c84267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
2e819d8f8253db546f4fdc3e381cacef

SHA1
c987304d0412c6fcc07ebafd27584968b5ddcbf3

SHA256
159bf2b3a64a74908868a80617f9e91e3cffec60e7a028176e1265c7431f2207

SHA512
c9e4c7c25d702c849e32193dfc50b801db34119c59c344293fd51db8cd1fefbd23c73009a228f884fd0b5c34173b854f0081a23877b5a6125f08a186325602ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
d5b0a720ca31c1fad228a976cf21ac65

SHA1
d7dfac95f057c5dcbccab87d0ccc0127fb2a80e0

SHA256
281217701d325610eda4cd94327ebee9f0fcd1b38c7ef430f109ed44e64902cc

SHA512
c98994e3684072c123df51e4a97237416c64ba138bb8186a895062344164110f798bcf0bc4adb166bd543c749e9005dab4f71fa1b1299167901d11721b40d29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bcb4.TMP

Filesize
101KB

MD5
881ce3efe0dfc156e8a07924420fbf89

SHA1
7fe9b02e30b344c5a059b9e2903965f7360c6586

SHA256
4fc5592a0d996dcd92938d8bbb1cbf7b5678737b537e999ebbf35de8808e01ef

SHA512
6cf8915a6b4b827608d1916cc435981db57796c0d459b8b6ca2f14a6244789a71a58505336dcde713eeef949e82a9745bcee268653508d590fee70aac7ba312a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit