hxxp://emupdate[.]avcdn[.]net

Analysis

max time kernel
249s
max time network
253s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 07:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://emupdate.avcdn.net

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133356085081566306"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3732	3036	chrome.exe	38
PID 3036 wrote to memory of 3732	3036	chrome.exe	38
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 1644	3036	chrome.exe	88
PID 3036 wrote to memory of 5088	3036	chrome.exe	89
PID 3036 wrote to memory of 5088	3036	chrome.exe	89
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90
PID 3036 wrote to memory of 4120	3036	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://emupdate.avcdn.net
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff37799758,0x7fff37799768,0x7fff37799778
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:2
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4720 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3280 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5816 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5944 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5420 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5408 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3148 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5656 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3372 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3180 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5740 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5596 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3288 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5832 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5820 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4504 --field-trial-handle=1876,i,43290241950975473,9551101457254077832,131072 /prefetch:1
  2⤵
  PID:776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
451ac12a743cd372822530d908184103

SHA1
65c83807b1ff88d3b32b06e7c3a7b99b94bd5fca

SHA256
a69664f84ba0e462e0fc521c2b82b096dd887b3ea5e37b9eaa31c40901d1c253

SHA512
d2ef7828a3760fb8491b70ea3a86a9fee1df4bd5ad366d86fdfaca39e87fcde4a5523e1caca5a0d6cd7cc2506c6eaedc2bf74e992b49d8daa300ad9490ac4b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f9a7fe60b18042ce2ef8780535856874

SHA1
0420b2a1070729145f1cda9eb0048f515e9004d8

SHA256
aa87528cad35e1ce0b54406deb2d7f96323cfaa45bdc18a542b17444d093cf06

SHA512
04d0ed39b6ebc6cf6828c23b796c23cfe865df61ca25b199e72f1683f3fe117b26abf13f2142280a849e370e3b60b688998c2e254967a7610eafc242dee4bdb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5e2a5a651a4a390c731846a52804f058

SHA1
2e6282e093b82161c5002f51f0aa55694eb3bf4b

SHA256
7964a032c9c61e8e9d80ea148d88d451e873179cc5ea2c3b935d90b952872d98

SHA512
f6452e8bcb2e29ef2f8769b7b54ae88a378dc63f45670644a993eeb7b065df2f0b435c6462fb34d2171bb1a70ccf357d6102cfbdbf2c2b6c11754f4d7f2dc141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
730bd5e12f9d453b581cba6fc4318968

SHA1
ded7b037ff9783e5c0d6fce70374c19e3267e03f

SHA256
6d3c478ec0b4f819b55b791bb2552580e84ce6bdc5f5c556d9874db814701f48

SHA512
8011101a28aed07764c7d2bc07b07cfe87239466022f3aff3224a6e770426bc66636288748d5eeaad992a85dbedf92f24c757c3f6ad31bce3e2460ca1e1bd956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
be74e29e0a4a8849e3425074e85fc583

SHA1
a9125aa63ff06c1e2474802bdaef97405595d9e9

SHA256
a44fba3143a497dd205b20259401ea9360f0c7d72dc15ab9cc4a5f4747454a14

SHA512
e24cf2367a3a9a6152b86d359533126d885977df22fccca11c7668198db59e09fc12b4eedfa42f8608593d6a3ecb7572d68743bc8372129e0662f55338793f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9efa32d8486d54ddd52c9fba8c327004

SHA1
af0238ac4998c25c402b185fb8ab18c8415ee558

SHA256
13b34c8f6b44901f554e087e5b9359da84dc4e9ed359e8a4f5353a9a527d9463

SHA512
ac345b490dd2e7a95d123913794e34ec06c2f44ff407a60237f4a5a3e680f4229b1d1b00f2f4f72b6e5ca0f056d699ec93c9e7053066ae8d5863d37e526f46f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7394127fd94ea641d5b6278f7cf8ed8d

SHA1
27fe0e25857840f45a38a4e810689846242c38d6

SHA256
be9dccba5f256b02a028234cd6953f75e5370ce1bbf3f01943a1f5b5e2da988a

SHA512
ab3ce3788e2d0c3cccdf67c09baa656ef626f95e186b75662525e8018700d61e8dabea630d46bd12089982fced504866ccd319cc8dc49b7510172e735aa9e318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3682efdd36490a74a928c892f6167b6

SHA1
1fe2fb5b17852566350223a7836cd2b113deb022

SHA256
8c1aa7ef98093a7dc58b2c9ad4a563139a04908c6edb94f705b2b663d6668ebc

SHA512
f29c115c4028df76855ec620d0691ee67906bb16da85951168704b11e44a4bf090532b5d635cb7abc8f50d240cef69816e1584a2349b17f7531f7dfccdf09524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
db832cf0a0dd14d2189f6cad80fbc9e8

SHA1
d1b6bae90e44f044eef7f39ee833dc3d645c48d9

SHA256
337e5d65acb4f1ba3bcbc7bd9dcc2efd6c0d8407f5c390ffdef95b0c6ef7d387

SHA512
e5b2d9f3ea998a096076c1df54373d7e1f5ca7d553c1abba6c580f030545c8cee705c6a0754f8ffe06adcbd20be376d5feaddb661124521ac44c8f135a05b117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b46e2cb29b5aec0126fc7787a8b855e9

SHA1
70e8f2d42012dd5007b7255026ae27399c8a87e2

SHA256
a3b265237831b57514a08ed60b9a6ea1ae43cac34c905bde3600e2f9ea9ddcec

SHA512
87474de4bcaab694752f95d51e8fe404d2038f92c8d6265210a5fbcdfa3770a2f8672dc3013296b8ba400a63bc38a86a1a58fedf31a2986789a4bd6d881de5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b168230fd6211ca18739301f51160f1f

SHA1
8ace056b6e0aa4823d7b615b3520dc2f340568af

SHA256
a52baf8be8b0166b7f7c47f46bdfe3425657876638596a887e508c9ea5b14530

SHA512
622927bbd9c1412fa73eca2513533889e9fd69918f48c3c25300c77c510fc0181cb4d016989e7184313cd41e9896ff9b609dc460042a7e7c8694e267bf691099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f1a9cfff7d36c350d05f625d22931996

SHA1
931bf28b3fba1d1bfe06639e7ce37ec5d8e5c773

SHA256
13e96c6bb1d7c29cf86152dcd53671f53e1959341003a8a320c1dbe56ddd093a

SHA512
7f0f994b6926d0c98f98d04647f75b9c1dec61b6d99e1df4b1ab603cfac5312a92eda723b6529c9ed06bdcbd539c3fbbd301e039da2e3118ffb13aebb83e8a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f8265606fd4d0261a950680b53313342

SHA1
e799beed4880cb9f49478cbfa298ad2acf7fa958

SHA256
7420b1f9e2d7a9b777c79b690309aae68e7b6788c718a79335752d509c3b3d30

SHA512
aaeda4b4f2ead4b22db34d754747e0195db8c3890a0ee3eb14f0d274b49d4846c3cd371d36f6c5e18aa2a22ee53ccb72349d0c085fd9a7253a910144b5e97ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
9068fbb482c871d73dd1292cf3f6fa4a

SHA1
9536bc64a9af8698eefb1f27f6fc36cd41c3c5b7

SHA256
42477df4d4a33d442207e8a518da673c9081ccb409f05b2e67ba46ded67b2398

SHA512
f27219006f22ce190bd2e79f2e3faf07c0a6990c4e10f6a58b083b9b4c38d52ee0e0ccd4afa4f11939352c67723152a219e8c708efc2270cdb2d1b8baaf9c5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a1c15.TMP

Filesize
101KB

MD5
b5bb75d2742e11661ddc2e10ff478905

SHA1
641b8ebda6597d4ea49d681f5d6de79cd7ce1961

SHA256
8a85ad14a9fe90587d112eede28f961452b6c44e06e6c6c010b65d79e9b7e299

SHA512
f960846d2c74fe59278d534a7bacbd6e92395254fc64b2de4ca3d6809c0324f6a815000300813c756997a1e20aaed6ff8150585e6886e4b1371c42fd00a3ec8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit