hxxp://109[.]205[.]46[.]3

Analysis

max time kernel
165s
max time network
163s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
01/08/2023, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://109.205.46.3

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354006454821454"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 5024	4992	chrome.exe	69
PID 4992 wrote to memory of 5024	4992	chrome.exe	69
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 1660	4992	chrome.exe	73
PID 4992 wrote to memory of 2712	4992	chrome.exe	71
PID 4992 wrote to memory of 2712	4992	chrome.exe	71
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72
PID 4992 wrote to memory of 2644	4992	chrome.exe	72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://109.205.46.3
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb7ebe9758,0x7ffb7ebe9768,0x7ffb7ebe9778
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:2
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4588 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4428 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5336 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5448 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1720 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5800 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2408 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5640 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5472 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1552 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1696 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4384 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1552 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 --field-trial-handle=1760,i,3083937164398162643,818763347767763890,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
39KB

MD5
500ecdda9ad3e919a1f41c1588266a1b

SHA1
d5ddf92dc08284a48701a4d3555590bda05f77e0

SHA256
caad3feace9086d27e006d538d2daf4dd50e2b33307232a7db6d5f8c48f73b37

SHA512
5e47a0d0721ec0f9adb5a439ffc98c1b4da780e74270332313f8350f228bdb919d32c4812c6ede84ebae3ead1342c2eaf4c73f4dfca5a87e8887e1b5913c0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
5bc2d6e5cb582ec050a0509644046ee3

SHA1
b449764daaa4311b27e7be47d1646a538218c6e2

SHA256
09daac982e009589472b8b0e2a36d460834185deff9cf4d90c2430c635cd384c

SHA512
4f055a204e7bc94320964779dd00d9203866cba20a6a25cb6338c3e601fd10dd7647443b1ea2c4f8c5156238b50174b0266f36f2aa337ff03a9cb71801fd08bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f7779a046ab9a57db7ea844cac70f666

SHA1
e02942e984de227e14aa7ae25c86706aa50b734f

SHA256
16a6e94472bd768b0c7f2a540d6ac874a0202bfdb5ceebf454f50d15af1b3fe7

SHA512
44db694022334c777ad757410b9306bfd41e562b4cb757e75a8404a80c7e4bdb7e055e21baa980b84eee10af1f5b4fe7e8ada38292a7761c4530731c950e11cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2661927d9c967a41805426f341e91b67

SHA1
3481fcacd2b123d4256d6954410f73540f162fbb

SHA256
77ec517073b4aa16d37bbf93c092a54e2e2539bcb6e2b2aec9cbea19cfe461d2

SHA512
f630b25c885ba6e1c59517fb3e95af11cec5aafebde308e94257eb5ae3ed87684c5da9b061b444e5fd0c77d376c68122ce88a53b79acccbc2ca8e3631e1089cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a619ee3a0fec817e2ad5c19420404c6d

SHA1
1a25468ced330b316a60a2b88d79b81b6efad033

SHA256
8438f26cd8db203d65e121bc47c92f2d3a7b891aa277d086d22380da5d2008ed

SHA512
ad1bcca18b9bc486417fc42309a7c885da8eb6b0f0c1c8689a8e8c7c6d87b0324cbcb68f1e078607a431628556c1acc852dc6b3c317387a4a1cce29e4e7e69b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
afb2b762ab001bf8cb11e31f2f45ce2e

SHA1
eeb2d359379e0485372c31d01152cab47f59ed5c

SHA256
bb2d0852f3a5f95a6d6d27fce52e0a9c2822c138b84def8fffc471b8a6ba1433

SHA512
f970e7a7a7bc79aa0d672b790bc22318e08fdee4db32a1f1f1fe33ee201536a55baf8ddf5e3cc9d6ab68f5dc1f971d2730ffa80dc956c5fdca9b6e461f138388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
aac91fe50dd1f9ccccf24a30568a9173

SHA1
c610bd2f9b735f28a09f861a3e9e95bcb30d37e2

SHA256
7b0f4eb3dc1d3acf10d5ed6fa511a25d40d014fddcb3ef277338c5624989994a

SHA512
9aaa215e2345f9165562ffda57afd17fd2ec35fa9bbb9489bfc6a49c21c9a0cc98d1c1a3048ce9dfd1f0eee426f49a55aeb61fcc9d29c950e86a9521880c1a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74dac6c5c181c09abf65a8e639b8c8f8

SHA1
29383037f3818853ed407f0904e65957df0dc0bd

SHA256
d68845662c25b5c4cf4efaaf314e817e71c7057a767e3d3c4469deb151dc5ca5

SHA512
3755b34b176a3bd244429409e2b805db0d3712a918ad3fcc08faacdd17388f96555660f198a86dca9e17576e89981c5e3cddf3cb94ce7a788f269e06554dfef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
842d953cd4a96e0be4ed8f90486a507a

SHA1
962bbe5646bf68ea58cc85d198e270c658b5c434

SHA256
7d9a9552fa3dd494d9324c11d27c6cd5e2eeb71a73905931065269ebdccd7527

SHA512
d6dd993bb40afad566f8aef6c43680df4e6da1d1d5c149ef246de22b72190bf072e1907d0a2a874162e12611d9d1aaf01dfe51d4f188def5da744d1a6e42df0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e53edd4d24025a74522bbe8072623530

SHA1
5869eb6e8263dc48dcf7ba5a3fd684bb30dbacde

SHA256
dea53a26777ec1793cd8fe319f1ab30614e0a15ee1ac7dc779ccfdcab3585a04

SHA512
b58a52d2f70d6f6ea47864b91998c92547b0ef3170b0d28f681a6519041b477cb662367642fb34971045def0ea9ba4ace5ec64c4626885e91af5be78a6f91655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f63b6b93122afc7d32708490860f290

SHA1
83a880aa259cb6da8e631637a0a063808c8da0f2

SHA256
2df9a24001f7ac2a0b50676ece77fda85acca3edb536633222e44346a85eb54a

SHA512
f6f66cc269556cae021ae32a387d7eefa7251b7a25e9cff41910f45634e116ce2326ef25fa666fb4496dd7a1e0ad54ffa253bcc4ec8ee9cc5e79f8cabca87454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
779f1053c7d741052547f4becaaae03f

SHA1
79a02838058348e9ba1e4d593fd0412ca1739701

SHA256
00e70e1d9523458db0f016fb9c067a5b3ca6fab706f2343dd84b5975b31e3151

SHA512
e94252427e4de0dbfa4024a2821b0d0d788e5ac5637d9763323930ace1eece55cc7577b7fd92aee922d8c1a8ff8ef499eb3e237da0db18a74b707d78660a6e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59f63d.TMP

Filesize
120B

MD5
18138de2e734ef9b1e291ba4929ec720

SHA1
852d29388862ab939231a514cbe2dcffd86a20aa

SHA256
1cb7163c667b898ca8ed1812591ea2a40453d7e3a30a1945c01792e7df90c250

SHA512
0a9db36316fc0b41210157c2dc92c634dd892463f83afc6eaa7b3c79bf3b30434c34a95ec52d1d1dea37c04f038d21564e8b2fb5b1162672d9d1a1864f72b5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1d8ec520a046dc507ee2047b3e0ef743

SHA1
0035417d01e22b505d99a2e8254ed2567cdf3f0e

SHA256
3d858c688e6d9d79b5af497dbe85295077c49e1a1278af8cc9fa1d08ba831caa

SHA512
14e8f3d8c30a8c02105c5dbe5c918e4bc7cd63864c8ad9dfb5b03b413c89ab844edfe2ce46ecb8ed648ffefad1376bf246ff4ee6c73344b75726a4d90978e32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4fd2dbdd734a69d94f978187a2ef2f67

SHA1
20a4bb797cbf2bf46bfc0e3c3672bfe67f1a6283

SHA256
e76b2068ada3e04ce9de84fe8db74120de9c92790e1e08c3d1e7f569f53f7013

SHA512
4e4d26b5c30da50774106de035e5113d2134bbc981874438cce8c20a52acf5460f766698842e929a4b78be536398ddfc8183a5b97464574d31bbf7fb77d7771e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
dc0d313bc37cd41d34f62f28a200fb2e

SHA1
0105031366867fb51803f4d10f37fe49026a3625

SHA256
497eaaac1a4edb028da7780f8493b72efd6faa0e7f90a2300e885f87413d691d

SHA512
c97b2e786c60074ee249d948eebd5e9b800c264005b67540aefde927c100e8e56ad01aa661bac71d54215795a480232df6c3ddb11ed0c67395dd3e79ed7c9a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59f3bd.TMP

Filesize
93KB

MD5
15a143ffafc2ce7945a582b80276cab9

SHA1
450775d66f23362ad621ceb526edef7810b17b71

SHA256
3bdbe8e07f0d1b9861aa14a656c81ab110775ea9d2dfe511bdc9922159be210a

SHA512
62e81f3c151bdb31c0f3300cc9efa6ce88b80d5389d29a158517ae2663b4c9a2b4b6808f174b17497efe7f73ff467fb4043c7836f8614f0a0142d719a4adcfa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit