hxxps://www[.]mediafire[.]com/file/v7l2uzucofruckx/DupeMod9[.]2[.]jar/file

Analysis

max time kernel
1800s
max time network
1687s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
21/07/2023, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/v7l2uzucofruckx/DupeMod9.2.jar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343789154741655"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 3076	4264	chrome.exe	70
PID 4264 wrote to memory of 3076	4264	chrome.exe	70
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 4424	4264	chrome.exe	74
PID 4264 wrote to memory of 536	4264	chrome.exe	72
PID 4264 wrote to memory of 536	4264	chrome.exe	72
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73
PID 4264 wrote to memory of 4536	4264	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/v7l2uzucofruckx/DupeMod9.2.jar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff90709758,0x7fff90709768,0x7fff90709778
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4876 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5036 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5128 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4780 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5276 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5660 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5640 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6280 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6436 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6576 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6776 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6128 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5968 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7004 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7160 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7136 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7480 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1680 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1564 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6220 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7000 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7648 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7792 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7972 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6620 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7324 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7896 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7396 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8144 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1720,i,1121516201180668228,2747066287877547318,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2ae26e44-0169-4152-937c-a9005749ce5f.tmp

Filesize
87KB

MD5
f6e16e8e925050750a2048c47c7e2477

SHA1
e54e944b07b6ecfab74c447d8a9d3b97a8432a75

SHA256
6f0b9208c51736161bc1c30ad09b1a9c3733473eba5d64724d9bef4ff5e572e8

SHA512
cc2c9352b6c30576c4b51e9e955aacdca25f4b61130dbf4cff32c980ca14928c69f80167a798747151ef26fc940154a6b99a0dd5d07da4673d0ecc11ed322ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
794bb88338e5af1a03fa4cea98141864

SHA1
93e879b64098e3dbe1a1f511db1221fd15a032d9

SHA256
7e698c81f1904c1702ea60c958c9d49d87ecf8bf5fde42019b2571336a3f586f

SHA512
ca3279aa46c97e9f185f790b39f6a652a4fc23266235b48592f1da2f5d4fe60712f3ad5d5cdb9e18fe2a33677becf2a5e9ec2e6953a242c4f6c5a6a7da686c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9dfb09ab539acd6dd42f397b457d50b8

SHA1
64ad3875733d292d612568cb748790b5d89f2ecb

SHA256
9d75340085ee2a6b89a4215dc425e089d936564992eb8c59a15eb87cd25305dc

SHA512
eda60fd70cf19f586fcf4d4b58cc3753b1e31756c008adf6ae2f3d80d84177c2bb8a851d40efb4c875dcc1c194d2c5c01163f8855c6842498ad5c2fed92a196d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
528043185a3d95723bb05625524ac918

SHA1
8bb1ea674b46fa9bb903f301380a58df5c7df80b

SHA256
22346b84b687fd96aff9e76cfabeec81104bd9cbedc25af9f95d223933cd0c93

SHA512
76b4ef88a50d229e3b8eb48932317e2823a8f1a2e53cc43f91b16bd34bd25add872495d4a2ee7262f327ca1032ab16e1995f8c47e8960f80616540f6f4d971e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
85d05d7dd83041c984bd40f490b56e3b

SHA1
5340f75c75ccf1b6957094a544f3abc3e200ee24

SHA256
f5c67d903deb9ea8db9cd312227dddabfaa64d5a650e1f541c63d277b36aa42d

SHA512
37bf3b8e506b89a976b3f2b3e352e40dd34ee89862addc9c53f3fb114221dd56ed572769a7dda2dedb2c08de7857dc2afbf403adbc7e8db1d830907baeec3688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
2bbcec08e33cfb92b9e6221094303b4a

SHA1
0cfd9513d7786af65360eac360285a1629d1eda2

SHA256
2179a6400884757ec8caf93bff81bf33d974a3fcd6cae30c1e7f20b6b8f4f9e5

SHA512
18202d63a172b91ae2dd8260668be88e275cb438db0937425eb81b8fdc8e2eaa4c2008afb710b47c130fc3b0cdac32d0d51a0d0a1a1a96bfe1372a81b78a05f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4de03a8630fd6541be9778dd88d0fbbf

SHA1
5f535f72465b753433225116d7a5f6c9c51796f1

SHA256
b5e73116b35ac21b790e19613b5a64a52a8b2efdbb8874359de3e6960dae74ec

SHA512
729cb790ab1999eab805d1c287f3362c20098d5c7ec4b95a6791d1821a0c535acd8126b69a32e815363dbe428517a4f09641a48cfbcc75a3bda6668beabb8c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8658b5613b8a59ed65f2af9aacd20634

SHA1
c1c87cf3c839ecb7a5566c957af1754b34970718

SHA256
96d5ec2610627c99ae9ef4e15260ac2252693be3719460e4c6874c9ead5fd2d0

SHA512
9383ebd18186795fc08d196ce8bfad8d11307c34e6da545ba57134af9a9c681a6e8f63ea62b4babff9618fffd52d92eed5763b31bba43ecf324f76cbdeab95a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
efdce76bb08cffacfc6f5a3469854012

SHA1
de001b03e78b4c07615fdf27944c54dd1ed4eb7c

SHA256
a8b5eb9f12dfeb0a133e03788a18ddd6683af650d0e1377659bfca5846b5c481

SHA512
f300bcdb9aa190b9cf45e5e3de04f34501df33e490c2441e63e85d998ce8f5d80ad1fc401f79e733ee36d4e281cc77f5560ef558855828fdd6b841cebe64d2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1db93fd03caae5f5e8263ae283d21fc7

SHA1
820899b89fdb8bd9388cb6edbe25de338b8f4ed4

SHA256
6f7f5faa1951a71251a37ed2b6b922000d14ce2f380129a9e6fabde81a3ed00d

SHA512
141b052153dc09f6bdeaa580d54ae5633f14697db04c5a3bb8b8b8728f6cf9616fd902e0da3cbbc978b88a3481bd6f139ccf5bb30ce48c34b5005eb8f0e51fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ee7c26552bdbddff5803e36a2ae827a

SHA1
8e0ab7559022ffa1758ac85c2e5995345adcdd12

SHA256
b74336d5fe44e4f999059bb81c64b439303f71b79780c6d97537284f07e5ee8d

SHA512
b292dd8dde8307a222e8a5ef0063d61a838c8dbdc957c90c33350767ff0bd04733c901a234301eda3cdcf298b5c6e0d0dfe837a034ecab2db065118f76ce079b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ceadb4f6-cf11-4d83-9952-033b6de9cc91.tmp

Filesize
5KB

MD5
eb50c695aaf7f19ba84dc71ae601288e

SHA1
aa9187447ada7e677aa3fde0681f3f073196f68b

SHA256
e0c5cdc500a4bf17b07f0e6f70c12739bc57854101b8e8f5c83c796a07970c17

SHA512
e19bce3d8372f0fbb3666397cb0c28a3377de4d2fb5e8637c5a2fd59876b728b2de07f71af32289d30e3c7d4b75c0cc9cfc4bbc345d95d34507f29b74fa31da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit