hxxp://fd[.]png/

Analysis

max time kernel
299s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fd.png/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343265723155459"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 4424	2216	chrome.exe	85
PID 2216 wrote to memory of 4424	2216	chrome.exe	85
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1712	2216	chrome.exe	87
PID 2216 wrote to memory of 1064	2216	chrome.exe	88
PID 2216 wrote to memory of 1064	2216	chrome.exe	88
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89
PID 2216 wrote to memory of 3616	2216	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://fd.png/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a909758,0x7ffa1a909768,0x7ffa1a909778
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5204 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3908 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4796 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5356 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5816 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5652 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6024 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5712 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5212 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5692 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3328 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3260 --field-trial-handle=1876,i,15223790758806770075,13940158358305221924,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
171KB

MD5
92f0bb21de86c6c660bb835f40365184

SHA1
ee7dfcc9328ad0560e1d9fd6a035b8efdae3d7be

SHA256
3eaea657e2d8557cc8e98102697e4fb358abfe10b4d95f8dd5cafd1585a2df82

SHA512
f52731ff5972853ab4cf84edb84e18373656f77a3ca1054de48ffffbf452f77e930e5d15e1c6ed0268ffc6bc5651a5c754d237c86f73e40e4848b0f57c91d1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e48e956ff8dec6e33f43191c9ebf940e

SHA1
ecb7affcfd3aa2451f3a722de397887dd27311db

SHA256
2e000078c3e437734d62eb2121220317c114fcca6f9a51933ee80c8707a469c0

SHA512
17456f7d7ed3c46d2334c7d89ef07fa111b12fa1d4d81c4078789950e5a58f01c72fc63f2ecb13887a688e0a3ac38106197384036a0f6ea717bbfa9f8366c3c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dff6904120342a15d4155d83caabe1dc

SHA1
d253220526f56c0a88e4f8e4ebaef0990e7d2ac6

SHA256
b6dc38d52c7b9cc14746a1c33f6b3e5fc8eba1588fbc6d921a5c830f58338fcd

SHA512
103387e52702a181a01379429770b890e121a8b40e58b8e7099c920c8d54240aa316f7eab46112fb07c5af51c75bc5d48964c65e332f3b1af0a0e56e15ab013c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1985ce31aebd84c5c9d223c2c5ee3702

SHA1
b1561ff12d52616bd763c47084491dec73f7666d

SHA256
6b66cb65215d6e4162926832b46b84ff5828afdc920f59dd78aac4ad9d801714

SHA512
937782d1617042e3214ae08e057b936c65c7fdf7adbe687ff4ca6f8e3fe0dcf6793c90f3d3b0bba7b2ed1326ef5b2b3440d3541697392589b432e8d9618adf0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7a7ceed3e2352fa423d6f515b7c7f6e4

SHA1
a6f2e924a64a4411b6fca664bc11d7a2abcd5ec9

SHA256
beaff69b1f2c81ccfe0f0c19e574d02b9a4389cb8ec00050f39e7f7584a0fbd7

SHA512
4a9852fee4f1fee3ba096aad13f667d3a491c52e30b767fe7d8d5dc39cde4dc78fd8565dd963d1321217df8bfb24d2295cc2ab49188bfbc6fcad09514f106d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
8ea89ea932f4f7ffcfe0d006e4be4e58

SHA1
80b0b0df89924db185c9815f229ec5887c4e0a5f

SHA256
f059119e703b47f7656470fbe1660ad8bdba53f953401fe538698b82fa10b74f

SHA512
017cbaf4e98d5a97a0f2e25a2506f927a6a15acd0d329c6235acd1d58fc649de9a07d144f5957f3a8d728ea8d34dd4f2472dbc54a971ed0d577f4291308534e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c0e68ae816956ee893554d1c34b0b24d

SHA1
201a34c46ddc26486db84b8d644c2218ddf94183

SHA256
0c8213f73094f2373871c0f199bb24fa747ece6aeecf2fa17b4d473a5e6b4e80

SHA512
407f212ae837b103ac95f864c735ba1703d1bab3afa564e0ad23d7eec4296a45c279e2c8a2485e83d2befd74bf62a1bff2833d8a806d1c3939b43e5d19851a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e04c975d2f8fcd298eb88a5a7afedbb3

SHA1
03d57a6b8fc11847eec571d77ad0c7de4d78cabe

SHA256
2876467851deec7250ddbd4de844406c25be1c62f41d4e571b63d75d3ae739d1

SHA512
431664cca1b4431f6ec5f81a94f3d82adddb6d6c60046e79b06eb3a9d54bb9eacdf564dfad2d02f50bdb70e674f807e42ac2afb2ce630c414302434fd485d229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a05bc782dbb345811edd9d25a6b5b25

SHA1
c9fdc218ae5aeb594d0545db670deed037258930

SHA256
97edab0b26e80fe70640090e2ffd81a97681e43e415ae04989f973772c60e0f9

SHA512
e7ce6985fa4e1694aa032624096b489355bc87a0a4cc3a48500c4262860d1daaa4985188008e186ef5b45a4753f98d01451a722c1dc9e8515c6f6499421dc6e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
225309b5f9699b7862a435d4eec18c18

SHA1
925335fb182e525fc05bab53c763a912b58e4e13

SHA256
d33e6b7458df262b63b6e76f49bc4e374cf283781151c335b62de39b05c64821

SHA512
799d16bf898d8ef936021dd7a96c067d8182ff86f3f148aaf60679f2283896aa6903be6677189e9726ff0b94add1448ae385c93aa3c140072444816c07312678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5881ed.TMP

Filesize
48B

MD5
f47a13e26f531e867fdfc2296302446a

SHA1
25d9515c829dd6515f18b69544507831576dacb2

SHA256
c22acb45a835a4cf4977c29ea37142ac94d27719cf88689f700df4ae91f486b9

SHA512
da76a61d1ae1ed293a33b122c1e3f63d4e81379aafdd26690be151c8223d44034323b426d3331937cf83f739251eb1099e06b276b0b7e2ffbd0477841f94d037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c14beff4d142e63ee320082557ec88fa

SHA1
11596e9e00bb52c0551096ad7bdad04ebd7b3328

SHA256
fe29378c3e63165393df19afae73c0a3ad2a3e51528bd2ad1c575f94ee1b54c9

SHA512
f38d2868d6c990b160a9c1c52220461b34eb78e39b5a930774459850549942ee4a87206690acffc225fbbd77890f7953d5c93eb54dc57653433db434e4eb9497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ad8afdee07ff7615464879c5dd889956

SHA1
f34699a96b5ba5b2e56bb1ad1d469d5e92f3521c

SHA256
1b59336092e0773c99eb45098a27864be97bb5a2103202a59ce3dc26981ced8d

SHA512
ff8b3da5f30b28e86f07f7d983ca0d748e329e39fd26facfda2158540146c594c3d8ee509d3af2046776b1203ec95537ab68f6001c7ba0358b0963546031bcc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit