hxxps://thepiratebay10[.]org/

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 21:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://thepiratebay10.org/

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343625257928033"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{EEEA8177-CD1E-4F20-A219-2048FC7E66DF}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 1648	2912	chrome.exe	58
PID 2912 wrote to memory of 1648	2912	chrome.exe	58
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 2404	2912	chrome.exe	90
PID 2912 wrote to memory of 3988	2912	chrome.exe	89
PID 2912 wrote to memory of 3988	2912	chrome.exe	89
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91
PID 2912 wrote to memory of 3252	2912	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://thepiratebay10.org/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff936459758,0x7ff936459768,0x7ff936459778
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5544 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5780 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5928 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5448 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5008 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3280 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5108 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6288 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6436 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4876 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2708 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6612 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3284 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4624 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5028 --field-trial-handle=1924,i,13877200002776252662,17218432212217450935,131072 /prefetch:1
  2⤵
  PID:5796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\505a8b9b-e3f9-499e-8a39-9d7e6725538d.tmp

Filesize
87KB

MD5
09863182fcf49be6aacebb0d457e5ae3

SHA1
3f0adbb55afabe6d6b955e3dbaf5fe1576fbca82

SHA256
8855afd7993cc8e92f0b3ce9edd86d8371835e27a8374c37f4537a95d32f7276

SHA512
5290c97a038269e9250fb7e038fca9836382fa4af1362831a49893d302e660bf49db8775727350f04104a1d5097413ff9d6b0eb9a95b128c84a8d6f80f8daa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f9d0aa99faf21f4dae6c502291187203

SHA1
daccfe0d06be99fe736d516a48be2cffb35b2dc6

SHA256
ed72840b1e3a0f167ac0d6ecc2ddf09dd67ec3cbd4b7b0b01be3bb0be074ffdc

SHA512
43574cfea235f278b7420f3259219e252adc662a35eaa4648310541db88126326a08aec36549624e0e3143f0b3e25571bb988273fe62e759401ade6ad56f40fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
26KB

MD5
3d802a55adda4d633b707c7e2514b927

SHA1
65315993b3dbda616759ae003992bf7867c5c56b

SHA256
0060570749556a1be05d509213d54485044fd3ffd25178c78d7de5d59b641ac4

SHA512
1fadace5e1fcbc03dda894d9e9e9fe8046f1e5e3d8dda19bf23953ad83e6a0feef2a569e9b48f9bc16099d7d0004d35a82c756aa07736b77f79ac9fda76c58ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a195a3936091b1c70e84faa67820278d

SHA1
c32da49083f59a01cefa336848fc06151218a43c

SHA256
7d2c11871ca2e1b1bb6be841d1409e7680e952ebace9c10c0159f140753ad9d0

SHA512
94d9047359422989983c97c1c90cc248b184a7a719e63ffbe65883fe3633ec8f4c986077b47459fb0b81026bb807ffd549414dcbebf449441504e46785ad32b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5aa47e3b7f71ffce53fd5c366eb837b0

SHA1
03c59ed86018c0c659d14bff767c41514a5a92f4

SHA256
34f3873c06318d7255b380245d90caec1e0dc4c1e5ce8e44e9666ce767abf61a

SHA512
bfffe1fb84f28c2ce150ce4093a551da8a7014bfedcbcce277b16e2dec94066f04725ef31216bac0ac4eae2fdbbdf43cfd68757a6d01dc371d6a1432d38ffbd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8ce8595710ba4345670627d894ff781

SHA1
908eb2bf43eb92ab73b34dbbe96b2fe3565abfd7

SHA256
b50ac582a4897241e3675312d8f863ad52b6fa0c339b1ec5b09f643309fb27d0

SHA512
60e979759e32413e9066b44b116d341069e35d3165a23cc8de373b26c9b2aecd522ed8fbbbc0a91247ab0ae5fb25c1d8bade6087da6601c8bf272a8bb6b50b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
be2678b334b6fb3a1ac4c1d081d0cb37

SHA1
795bf8d04fc01b132ee67333e694acac7f38524c

SHA256
b7206955c81db21fdcf870cd1d366d8bf610ee69ba6c473d3611f20aca1d54ee

SHA512
552f7765ad8bccb027ba0a2c63ffaacbeedca9a5a8a18b3531f43a400c7bb594e09cc4c274cbd6b2737820b7fb94202957f480b765d047a2ea82c1c0e939cd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6d6b06287e37c01e3467b26ad16aaee2

SHA1
b58bbb9aa243c444a2b7077a326a0f8282031014

SHA256
40921ab8a8556d525189c7c42733dad6fff55dd301748f019a5cdfd37b1ec441

SHA512
2f22e567ab1b9e302566a48ab01837f19625e98fd61d74a3d1b40a80084baeb9d50df018c05227d65349dd793aed036e54ba538cfd2c067045b02631017f8256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
d103b24431d522fba7a35c74928560ae

SHA1
c0380925da08aaf4f08992189e3ee0389fea4539

SHA256
6d8013c4931464aa909edb67cc4f5de5025acc07494c0f22aa5074e967d4fe04

SHA512
d96ece3a8d71fb1350f18106d52bedbc59d60e29e9953b0a551a99772a0094ea5bccf1c20f262463ad65bba59bb4f8187dfbd281134b7553993bd2051979bc68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
1ae9afbfcd281a27bc1f66743eb89cf3

SHA1
54875af129cdf1d1b2cf4b73226a0c1c76f74865

SHA256
bad2be2654495c2b5f7b73fdc64541091ab9db65dec25f2b0dcf76e5f64c104f

SHA512
cbc9b4e49bed65ef4ab33aa49152f5217dd84d94caf67440bd45a6cf8ad1216efd6f42294a174d08fcd94d55549e816b3f81d743ed7615da01e278027d3884eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
6071801f1ae675758485bef1c42408b8

SHA1
a3496964f6a796049d5e39293cd8639b29e2c60a

SHA256
803d0f15566c1dae89a0fed5421a99c32fbec9f8de3421e335bff4359a343a97

SHA512
38ad1cd1d5c047406d889c0a8683e121f6e115906f49bc1b16c09182c25f6a7380ddd15f5c48cc93350c66daadba2897cc388dd927a56be225914c8f98f1f03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a2053ee864fb9d2bcf036f45e74b03be

SHA1
0ced8c100f8b1f5f388af471ec82e482bb06a4ff

SHA256
c0ae70cb03a6ffbc4b928ecab27ca9961829bdf02705f63ea0e8252fdda30ab7

SHA512
0d00330af0f8bc84eddbdc85d42a68d786fcfdbc9cae16b3df013af7c852fc3b95af3b08683aa3ee2def6cd14c94637e5cd7cdfe0b9960e1fd0406e0b8949505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5caefdec1d992907d350bb5430a11335

SHA1
6bf897f8c2cf3e685af11a7158cf1eb85b721d66

SHA256
6591167b6e6452797b8a3f5877627dc8bbd9aa41b65befb2f1b0a2bb966b5999

SHA512
b0d029238e3d9109e6169542ede5890ca9e9f70f645a6494ddc78a052223dbffc550a7fd18a8ed3e59c0c6f5f580a8af9a140675c7199dde8f459cc3b92cb248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f0dae6ad31819e441c9140ba0bcdfbda

SHA1
b769931ad77f4cf863a91f5cb682fc5a88f1e131

SHA256
c6df10024fa791ef3323e166940d6ffd4f9c4efb3f8d7504ec5e497d42d7b778

SHA512
db08de259911739368b90028b008d029a7438aa5ac417ca32bb48e7f75b9fc302b71dd969e4a28e7c1c5c445c4400ded41752b051076f1cf05fd9e77be943d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
47ca3309325c251ddfc8b66a1e4ab818

SHA1
b690023e6465268e965c14431700162e16afedbe

SHA256
d74b7035155c6571f7535d0ced148e440d21dd1944b984bab1e587b40933952a

SHA512
26b52deb3a2e9f939d51cb95e484a6887efd1cb4cba515a3ff3b2394d9d47c821eaa188e40a8e8f4e484d976e1a2417de992d4deff35758f8099b69eced3b25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8706505b51323fe1e36edfc328c7e0d7

SHA1
0b5c3dc2a1760e4cd87a6c445b750b64bf69b0a4

SHA256
eaa501ecc7527e2a8b06791c2c5926202776965061ee7e6a4055d7d5d0912f0c

SHA512
385e471eacc9240a884a250de11ecb94095c60bb125eee062e0ef354d40dab811a3fb5e0351767f2958cb33643a3de556ffbb7c48018005ecbb71e0355d73188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f78b1ccfb967b3ad92c2c1d768d5a282

SHA1
4e5e476bb7fcb15188745d673110d1f971d35441

SHA256
9ce170eb6cb2541d45e82e9edf4681da720268ce9e691659365086d5616e76d8

SHA512
cade2efbbc318577294d3324c9722e52b1386f90f32561d67c379b1ee93da8f211a1f95f881e1a7a83437745f9be569ad95a373520b9c9997e5d77647e38ad47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f5bba990fd628627d6b9b9210882f82

SHA1
539b7af09d9c38025979e7adc28556c7e604d1c9

SHA256
c1091c996b741735f338ab3a4ff374a856ab2e18af0dc05fbf86e7b83aa1bb34

SHA512
35d55c03dc6bd6d0e77b8d7c54b397a3c5d27e0e92998299866005eb1cc67bb0079473a197c3f6c53fdaa679604a8b9c4e35aae7bf7d0ded6678651ea396211c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2736e59b704813095416beb8dd05ded0

SHA1
12ea93834a54a907ade3a5a82d45e9cdcda54e33

SHA256
d5f7d594dac139ff0ea666f91697a6dae9c8c2c28a11f2759b278a98bf2060d9

SHA512
ccc5dc4b6f44c91db5310fd85329596f0e0d70ab251ff4fcdad268a47f97977a16edf62fa9d3082e2263c5f8b9183c2f5dfcfa152c4332041aa97cb969ac9967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
5fd0c3cecb7f020de38ef175151888bf

SHA1
f67b8469658a6419a7d87579de1eb3fe83f74713

SHA256
9e969efc253d17ec4cef47c534047deaf0b10bab49fe34f77caa23d43f2f62aa

SHA512
0d329fa8536daa4a7a22130e4a1ef35662ca9de7b2b5de125318376ac05d62534c0cf9ec94e17a19ab6b049dc7ccf0124060e7f0be63c6ed8e30103e92f38bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c67730aa1bc1c253620f1e0bd5564a91

SHA1
2a4fbedb65c3b36c5e097e9062f6a9cac5aad6ca

SHA256
e3fd3554e33118a30effd6b64dc2c4a27d768c9c4a347ed5f0af6d8e38c26021

SHA512
ffe4d64ab8110440c36658fdec0e01120a2dd10562a5b4bab59da0e93336707ac3a8f9362e37c07802042cc9333486760e036b12b16bd4c8fd11190bf9a981d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
873ed9fb3550c225461a0c92d95167e6

SHA1
e7604043942188dbbb515603d581518ca6b68730

SHA256
ae3800e215d874eb546938a8bbf1920ca8514b4758dfc4332384428d545902fb

SHA512
7ad5530afed66ded5943f5901fe8fc655a9b398e3bc36b39642a82c3abd360e79b2a2da663b451dcfe891f9afafa875811ad14de110053c13809521f52969cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f034bb0a82ca607a8ee79821bd1c7375

SHA1
7c3ba5b1a45d558d2792e23be491ffe479ecddec

SHA256
7d879902f2e03d497d4c56e5df0536ad215283397e9c47bac4a617012ea1118e

SHA512
7082f1bc18603b7e125dc96c69b49dbcd73529e739054f9464428aee27420c7cb0bddcc20129b6e7ae82b14e0de7d0b766831587fe43f7017f7b28ba51d789ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1d39e44e27865f8b5ab408eaef9b729a

SHA1
c5b4f4e3515ed9136697c8a9e861d897f7e531c9

SHA256
ce565262122f4d90a974d7d0b0f54ecffc6c0759891c3ee5a2875fafa0c69e12

SHA512
7f5a0ae669e9f384f147e6483013fef27c660859dca4262b7b6b91ad385f87175bb1812002bcbfae51b69333e9554399541ad46b32d333799abcba1e64e5c1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
f41f20eb548cafc8ece70bd02974b181

SHA1
29acd3ae7aea038a62c2a97a4bc7da47c535d1ee

SHA256
800f27ef8f143b43dac510c5e3dd709589b72f11e788194a3ca82f1fd9b8570a

SHA512
1134c9222a1087bd2d1e309b99513e4bc755a0c109220340f74e4079b95ba68c29fc83e6d88b8af753a7e5283c7621c35fb9715815478bf1234b9d0f4887ba8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590ad4.TMP

Filesize
105KB

MD5
743f1ac2b51fc24e61fb5edc4e9cfb6c

SHA1
55fdf5b2d1548867324e90bf7c845b2138f5256f

SHA256
4b84dc2c2fde9f2063de5cebdc675a60179ab1f25c88a6ee65a87fb7ac0499af

SHA512
dd2caf98cb585e82cf3c9c493d380e3511a55bb521482a354c9075f30a1fd0b513b58dd086507aeb1a1f33579831d9beb78c3a8924a8908dd300f4240b8e072a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8e8f267506211518f2dccb61b9876a64

SHA1
3276f504876102ba18990573f3cb437b636953d0

SHA256
f1fcb3792aa60b10c37049caaa7dd371c530ca939aa666ceddac7d4df21c562f

SHA512
5cf439b63311e6162dca266d0c058ff5a9f0642bcf7f002d05193da8c3a35808e7e1b6e92f4eee270b037bce4a56e5324b8a107d0180f081ee7b40068825feac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
c58be421ef7a6dccf014486df630634b

SHA1
68c270e1c6868de1336fe946e3ed0254b6114c99

SHA256
1877482a93a149ef29b33043f51cd083ff19742a51f1d149d87a5c50240b54a6

SHA512
4726d0f58f66bd9217c4c2c6d6cab3a8eae657ac7bcc87e1f01584a12d94976c9d88762e26b9385612a5f0a4886ef6f57f6aa4b51056880e4089338fc8955981

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
1683bacd47c79f32b7e7a89b44d8e73e

SHA1
c9a64cddfea1c51b8499fecd56467f76cdc1e8d3

SHA256
6622d27b080062160e94c122eab1f2f077fa0c2fffb70bb73dcd3fc7e4ccdafa

SHA512
9dc36c3c3c097b07296f3746f343e648198b0a162e01c994908c4055a72ef6d789b9e8f1e84e837a7aeee8ccf051de0b33ab6b94aa75fb140f9a4ff0ca8251fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
1b8a05a66a79b0dcd147d0e1248e00ae

SHA1
a853932c702a1ef2b0166e10720ca57794047b37

SHA256
c0431cc68c11ef95033b69093a5e08511fa8bea296a6df82219a44dbb152db5f

SHA512
44e43adf924d7a16133395383753e6b7506f610093563767d90a9fffcea1250f3768da1fdb5f40e8c3110e4968f71c5b1988d764caf5dfb7ad6d4b64f8b93cc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
ef2a511d59e38e7e1c2778b23fd7ae94

SHA1
33b72ec16f1f5829b3e3fa743d6b379d0e9827cd

SHA256
6e091247c0813034d6ad8b8767e681015e3b541a8f3f5ce48abd12c1008106a2

SHA512
28f3d55ea34d15f1715a89f5e40c0d4ac88e3aedfce4e261d1509a362a89d6e22cfa1faa35970dbb1898380a5c8934a8963a617640f6eb17d6bdbab29455a02e

Download Submit