32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
1200s
max time network
1210s
platform
windows10-2004_x64
resource
win10v2004-20230703-it
resource tags

arch:x64arch:x86image:win10v2004-20230703-itlocale:it-itos:windows10-2004-x64systemwindows
submitted
21-07-2023 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vmOVLcegWVWlOdu009NrbS54pptHxklVWJk0AfqB.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133344189566956753"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3608 chrome.exe
3608 chrome.exe
3220 chrome.exe
3220 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3608 wrote to memory of 3424	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 3424	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2628	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 3032	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 3032	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 2728	3608	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\vmOVLcegWVWlOdu009NrbS54pptHxklVWJk0AfqB.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fc049758,0x7ff8fc049768,0x7ff8fc049778
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:2
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5000 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5164 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3248 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4564 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5636 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4856 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5408 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:8
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5316 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:1
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,13490854966345093879,13923301293761983297,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
b5a60b43c6177eb5b7dede9b69476d96

SHA1
ceae0497134a8ece3b7d47962e8de641df42fe7a

SHA256
83dcc88fb8199f40e3fb5788653f6f4bce64fae972959e0833791367cb05add9

SHA512
05602590079f6d463ee11920e8716121eaf9d1cf41d963d59e4abb8cac4783e071e4134eb63eb97fe20cd448f75842550e2630e5d24ff2b5da7f82c292e3126e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8254837edf7b98d9d7901c16ab87b278

SHA1
525451ad8474bbaa66eb49c2f247bdb3875fcd05

SHA256
22142dc12c8ad8af932e9a3d6e620df5d34ace519b132454ae55f16015dd97ca

SHA512
4629315d443c1b9ad255b68db27c41186be8adf6e6f07c7470cfb7590e045ddc4e16c0aeeb0579f0f316ba194a3c380f4bac2fe1dc00443c3d9c2ca3fdf181b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
300ce390b800b8ffb1ca670064176174

SHA1
80ef6acd5840fef2a1f6180cfde5eb90bb797582

SHA256
ea98f6507549c35a933261decaf1254efc41b3ab370e4215b3e812bbfd03a172

SHA512
fa7a1383d923adf486fbf88a2e062fc1347abd62e42ea7b1a3386c3387c3990012c956bb3ce2bebe7a9c4e5705b430974fee7497917d47beb9ad6883c4046def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
db2aa84648dff22293d117ccaf68f83f

SHA1
7b0642dda54e70d5dca6fb6c8cbf563981540928

SHA256
e97f55b7782d86aa16c14e8416c5faabdd8745cfd27ace63927b52fabbc2848f

SHA512
3ad24b19019909ca9f6adaa2d3a1ab09c8db12d11b3403bf5f0783df344f19c0d023f150da393fb6032ed92276e6452ba2f0fbc1edfaccbacdb5512a64a0fa29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f6caaf6f409dddfd339705cdd142617b

SHA1
407e6318cf618804c3786148c4721b749f40b49f

SHA256
c8d02fc21bd977cc9c952708e3417582b0e8a7cb94643a5c202b0c5121323fb2

SHA512
a2f0530ce0e25447e47e23708ff2f30e8936dfc7f693257b316c0518a2c767965224cdc6a2383234133fdb97e9e1c84d881051a66a10515bc4a586689237f3a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf86b6f574fc1ef09d047c04dcc87b10

SHA1
3660434a1264f66e3f473e43eebf8559106cb4c4

SHA256
c86b14e78ea0f497193ebf95784ab10f0bc4ef6529dca534e21914b6d0d0dbbe

SHA512
dbaa04b3ab0e3f3fa5abf74db93dd3853953570bf99e9e5b99d191095f8433f9c3c653f4c26873f7d762c82ee998fffbc33a4031bfcec581da06494ec96abd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53529372cad4a8df3517e07c73fd0155

SHA1
8a86c11bff3b315b0158cec9c4202a3b1a48c4ec

SHA256
14bf8b59e345de1aea3563a1c2e0a19d30ce71f6bc8eb22026af6abbb83141b5

SHA512
87d82973125b1aad0acf6269bea0f5f1ae95f42386de4ffe45e230a7efee410e3caec532cae97ece3a0efd740f114ded309c16661a3634d555396ea32630a09a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dba8e83f203c87bbe39104d40620f530

SHA1
685581dbe444e3018ed0cc72b90b955e85993cb8

SHA256
a4e346a2a7f16e1fd6dd8a29fe01b8a8613a5eab1e97afbde3bb46954816cfc0

SHA512
1820513870b16039e5a1b37c8fae092d3061f8f0a23c25e0afb8d3c4be0a3841d1613824b772220b885029bf03fdee35b47165df4d8c9c595c12536af47433a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e72e17dfdbbd4d5372cc1a30a78150c

SHA1
5ffa094f26c0f6afe1248ca49548456c9abb43fb

SHA256
3cd650ac130228a708c666a27b96c5c23c5c777f1e9015a151791d91d79710cb

SHA512
d10a68a26c523d2a1cd8e0d57adcc586fe3ca7ad56cdd64f3f6ae5f1ee54f336cf1048c0fd45ea57aee898d493ae9adb9cc7e76333babea94da978183c23deb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
01efa267c4362d4200543b399ca8f53d

SHA1
e1e1549b4ce643ad0cab1cca4e9de38f37529329

SHA256
f995b40e55bcfa6154e868f560e6c7e196c8e2662aedbc241567a70827e702bd

SHA512
f11f078a100be044a777b1867ba310278787a0d20d7514311338ad3a871cb8ec90daea2ce2308c1a36ea1a2e999b886bc8aa01d615c3809233b085832f0b2140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54024fda2e6151a169ad9f76b634799a

SHA1
1ccd4e9a180a36df46f48e0250d2803e06d3a8be

SHA256
bfb101f631f63acda00e22380fe732d31b504ea36e0b3317f9b132a6348df784

SHA512
8a7b0b5469319fb00772a6ce07d1563c6b7d769c3fef47ae3e774ef6d926692c5641a0debfe99577b84843c4cbc2efb1e9fa9264939cd5f3563b59119c2a5f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
665491c94bfb6b37aff903adf8281dc8

SHA1
b47d0f776827d7c48d30f13ccd6a1b2dae9fea78

SHA256
bff0a73eed4445788e78c59d2af403dd08945aa0bf7af93f7c4addd4016b9bbe

SHA512
8edcdfe2819927bdede34e3d909f75626de3860f61010ebe1fafeb77bc9b2531fad5e5b1cb5af55809ff0e4cabf5aea97b3b24caffe1b2abb76e6ae674f56232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
645082a9578958f241d41aff7a874798

SHA1
f86e9e0d5cd1decf9b8e0d69aaec6aaac509427c

SHA256
8eb41e47c8b47fe465c4a320f600df7baa8f12ec9f0ddf9e0d844d2ffe2b24f8

SHA512
a392ec97b03f77a3e17ff2ecf43f7601bca93cdc26714009aa3c9fe6d9a21a4b2e2617de3cfd7f1880bb56603e42bae7d864adac0c8e2720ae191098380eb335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
1fae11881a8e6102cfaff6c5a8b20988

SHA1
b86fe89b5171ed4fa5d5668b2cccc38be9a812d5

SHA256
be77b38a1e60c3cb2fc2fbd2d2060933f376bd8cfd91fbfad8cecaaebb3fe90f

SHA512
c0ea174ce1ac4062bfd412d75a68c1be13f2a271be9c84db21712dd973ae5102b2f548ee2ec3456c93ea1aaac560c632011f66c33a293866d05b043023b65f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588836.TMP

Filesize
48B

MD5
c7dcdcca9279c484859cf350784babc8

SHA1
733f7d9320ba6cddb5e9ae10b3ca03bb97cd0a8e

SHA256
f6f1ac24b2367945aecf0d1aa95755c8905d45157591acb053f1909073f2bbd2

SHA512
afbda6f27bb41743da19fa353a5862d27a1891da8f38d5c2ce15921a84c6d5597b717ccf66fe268c8b0200bf33460b615724d02d0a2c4f69ef522a4656778251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
6a66f9a1346f367040758f203b4519fe

SHA1
232d016223f617e46eef0113b11984328a0064ca

SHA256
d564061237ec55f923d94f7f2ea87bb7bd0ca0f95cfe650a3025a8b2470d9cf8

SHA512
4bfa714c3eea8f6c86906644c0ec116821a020264363eeb4901eedb9e02529c0c2cbaa89689a8451502ea4874d64409467f9f9a6f058b98f40eb9dcfeb80721d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8aebbdba910b34a2c8d934f5c519d191

SHA1
5e6545f5176435c28f96b488c905468478bcec53

SHA256
032eca1e8b5e116769938ad36ceb2fb3c9ea79066d2151cbf10599b1ef54d25d

SHA512
0038625afa526151ea062695607b399b6daf444461de0aa65bd0eee85a6c2c7c1da61ff2e322adab2cbdb52a28817a8bdee1f60334741e6e314f141625a9771d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a3daa26949bfa7cf0aa42b57470c67c7

SHA1
43d6f22de36e6c8b5c6886798b98ba47350f21c3

SHA256
46dec145b5ee6f85feabc8f300dd6f1083bb197eb8f2caa4017061fec05e6df2

SHA512
8a6164ff9cd54b5967708c442ae78182bbb7ed4dc08bd16726727b8f30878e6ae823d0678725bd1e23b0c4f4e5b46904535bace742679fb1344b28b29a6310d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e865b0fbad632fe4f721bcce606c474e

SHA1
400668dd53bda44a98c13bad269a468ecb06ea13

SHA256
6464994110cd606e2b0c20d773bbca69c8049cf0ed949bae0b20ddf580a0d700

SHA512
8bcc02b71bf88231cc0fb6740dbd9dd1f30fc662e9cd1f732f5a2f82cd2f5b1dd661403239010675ee5c65b1b61307570a6f6b16db4b7df858c2a99f3c91635f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
28cb6a1555c453cd3ac92ed64f96adaa

SHA1
7a6d5e6e80ca247cbdc081b15bb85769ce157c27

SHA256
cf5f179cf336f11559ba341d03b30233b22f1c5970d3d9fa14d058b30b3bce08

SHA512
2d54d9820c78cdd3b0b55b4857da661614ed0fa598587fe1d3b0b16815e2ee94549c2125e1da93805fba039eb4287d9f2631dc7ba9b73dfd7442856dd795bc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
f5bcef7a3b8a4cd3c40d492326d9bb30

SHA1
aabcbde86c2a1f01699e17ba9dfc35c198049e21

SHA256
223442609fbd7f6c7ae9833fe6113afdefc3ddf07d6ff45478547921ec241088

SHA512
037955918b31d7b6a83ff630a33b355bcf6f33b054ada897fc8969996c2f9d2a03cf104c35f0fc7c088ace2816dd65337e5edb8d36ffc2e7932a6a718537d050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
8c110382dd9014bb8a5950c35f883372

SHA1
c0f9b33e9b01c1c561d4908edf3b04c4c70fec74

SHA256
3cd59931e26c04dae59ad2a3713cf6d1607adee7bcdbe0ec42095b747b317e1c

SHA512
0e64d7b6e099e9a2c937a49f3af258fafbe41e675e0057eb60780efcb0ed934512fc3c3282b310af289494f3b46c1d27de67aa33f51530768b0306d8254b43db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5807fa.TMP

Filesize
98KB

MD5
f34bf3e62e861e535145d7b3297488ec

SHA1
ffd5d67f789353f80cd9e4501606f9e16f248cf0

SHA256
38d17284d662dd335f6bc8a30606748d59fc7d1136c0237dc4b6489b51b08986

SHA512
047c2034e5e551bb2f9dd348785ad724b783eee38e06fc82193e1dcb82d4d08d60bee369ea2d386c230d0cc0967c97cb36563359b0e077c35e362e3b23c0aa43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
543d9d3a4754301988fd4b4a43b1ffa3

SHA1
9ae24fb876f1ea13288be1afd2a28b476da68cfb

SHA256
177ae0010d1e54ea338154ec418109b38b0149c3f821669dddd5518db1f36c13

SHA512
4fbe3254ca86dabdbc689e84d605ce92397c63b12df5a8f789988622d217ccf6a59c766b6c1d1005727647ea48b33c4ef6c6706b042b4237f47a062cb40ffbde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
0837cf3ee21972efe5f6a0a4845d58ef

SHA1
9c6dd5a6c8f2afc7c951252e276badaf3ae4f28d

SHA256
7897caa5cf637eeed62c7cecd12e16d4a134d66ddfa311244b6e0dfbfea7822e

SHA512
22f16a1fffbd235feafa083e0e4ece2ddbcafbf063f69568bb2f5aca66517b2c501bb461da649c3a07e7bbedfc6a9e39d4635b39e2f8695ab527e4f5eeecd0ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
8070b6eef28602232750e6a28f309302

SHA1
83be8cb354506ec38bab931ec0a0c4c2d4873e8a

SHA256
6cf97d52d5a20091ebbe7c22bc89fde4146eeb6f148b0caffb9a61df88505c7d

SHA512
fb400d2e9e013888d459002f55130ffb10098f388f501a31f953a9fe96d2883c3bdcf1ff96d25f4b88db7edc2ff751aab500d0257e02274ed15b3b00903d4191

Download Submit
\??\pipe\crashpad_3608_ZPNPKBMAHEICVLPZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit