hxxps://privatefilesbucket-community-edition[.]s3[.]us-west-2[.]amazonaws[.]com/9[.]4[.]0[.]0-343/ce/client-tools/pdi-ce-9[.]4[.]0[.]0-343[.]zip[.]sum

Analysis

max time kernel
191s
max time network
195s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
15/08/2023, 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://privatefilesbucket-community-edition.s3.us-west-2.amazonaws.com/9.4.0.0-343/ce/client-tools/pdi-ce-9.4.0.0-343.zip.sum

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133365827516531821"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4175128012-676912335-1083716439-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
1076	chrome.exe
1076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe
Token: SeShutdownPrivilege	4996	chrome.exe
Token: SeCreatePagefilePrivilege	4996	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 4552	4996	chrome.exe	69
PID 4996 wrote to memory of 4552	4996	chrome.exe	69
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3160	4996	chrome.exe	72
PID 4996 wrote to memory of 3472	4996	chrome.exe	71
PID 4996 wrote to memory of 3472	4996	chrome.exe	71
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73
PID 4996 wrote to memory of 4204	4996	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://privatefilesbucket-community-edition.s3.us-west-2.amazonaws.com/9.4.0.0-343/ce/client-tools/pdi-ce-9.4.0.0-343.zip.sum
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb7ebe9758,0x7ffb7ebe9768,0x7ffb7ebe9778
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:2
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5724 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5872 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6024 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5964 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5336 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4524 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5924 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2936 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1448 --field-trial-handle=1664,i,8065570384998713831,3635366777725335868,131072 /prefetch:1
  2⤵
  PID:2488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5048

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3940
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c86f7c3a20030c61394a18c85ab4671a

SHA1
917874118f95871b648744d0e9e029639d6514b3

SHA256
c463fc94eeb0b960215e6dee0ce448d25c454264161724317856714a20c5dadf

SHA512
f2d4fd6755bbf6711f444b2ca1e42a9bcfa3724009426bb4549e6cda1baacf93f017dd64985dfe9dbc814757b0a223b5f9a82babbfd70ffbff4aede1452a60e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
98c84c7f35e8260beb5dfc264b42bc72

SHA1
aa9ee7fcdf21dd80918951f6709f97401608b8f7

SHA256
4e0d996862daa1798efbe023059527c3bd3059d17335a7e035d07639b2419615

SHA512
1cb7269d7cd9a1c427de7fc41ac92e4c0ae4c7789c53e8bec9389b5d81a450e192fe0302c2da8a866c8d10176662840f1d8de143f7250f12e6853fb47d4d20ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddcaa25e179867fbdc9c1d50bcea70d1

SHA1
ab51e3a2e37662bce3047153b15b715b14159234

SHA256
fa99bf2818d74eee94e1cc22626b6bb0a2ed9cdf4f462f843d3b4a35969c8396

SHA512
f353891bc1a186c63012026b9713965b1da6caf5f5fd98312506d28aaf43a7dc67e0c4b12c772a149b319b64af1143d8fcfc4b2a4ce49440e4f4fb56c5e752a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f292a1009508db2625b88e67079dae70

SHA1
2b8699e6b8f11f8e30fb3bd2db8315ff3f334704

SHA256
56d60d96bc8b551077db131609d36f11af2bf7fbbc8473a4ab9272c5ef4c7e38

SHA512
eda194dc6018532e0cecc31862bee8967b43a572aa06d18108c2530973fd0c7c1ad02d58daeecf8b876dacbddff1855cabba017170cb0d0231ec7de130cc240f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ccbb257daed77c6a095d71780e0f711

SHA1
801db87a2d6446ad4c4d2368bf83d23530b4a392

SHA256
b33a23adda5025a8050e14af830014b04d6baa2837564ee2d845138146d910cd

SHA512
374528012021dcfc07da57c48de4857e6d0f546595d50fcd9f6057605f1d0ae73bc51d539cedd6a46fc3a139bf2c2808812c0211ba605ebd5e4e4f85780b5107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
118a540efef94877df6128c9c82e199b

SHA1
be8e9f3d967b65713f4130a1f0f7cd27d7c45b79

SHA256
2b711a5bd949903895ae449283e1ac91bb7ad892cf891b2c758b8489ad868506

SHA512
774eb39639d97943eab5ef4e2ee7657f943b5463f643c45714c6a8b3e77b353cd8f3f91e077a591dbe0f0d6137e04fe42477802f85610e536bb625233133ea54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
7c99919cc7170143ae384f2a38a1e666

SHA1
4b04d0270416769616648bc523bb2db3686c7862

SHA256
6f93ab165857953acc62758ac0ae7c1701ae7e454deafb6f083c600046ed6b1c

SHA512
7540b1257cc55a5d8040f1a167d541b4d3f6db3f0c99431ac39d2a68b6a2354ac4621e3409cd3aa235e620230293efd86a63a72a5f90f01f821aed401ca57ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b089100a0a05b1ad0fe07e1a33acb28c

SHA1
da3cb8ad33c4cb6d574f3f3fc96fb2813a3a7bc5

SHA256
926659f2f12ef66429d6d4302be307c2590211f0f839d743494daeb15a80ff63

SHA512
5cb9432d473ddf07c8fde081e1cf9ec7ecb90bfec1ea62df9846de6f67524441716fb854bc2b587e29b14df02708b3f017dc68f25339cda6b5ed3384aab1c326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
da435a05e629519f703baa572c25d104

SHA1
d7feceab3ce5bbbc1cd0c9f2830980817d191c08

SHA256
c89ca228dc51260a9c0fcf5eec4fd16c0db080129bc10b0cf3383e1dd364126a

SHA512
7b2464c2358f9e440ac82bc227c69d4684ed986183b8db8be2b417f5aaa6fa84100f06ca291e4277567aabdbf9dce6ca1d5951aabf1d20a6ef1ca78b4b4acff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
f04e6c0804af66dc97e83d071e255b00

SHA1
73603aab6e3c3030a2e0bcb8c7a2331347d4d5bc

SHA256
1afb9fd83297bebecfb1e137bb09a69e0af381db58bf929bdde17338c9c8c14f

SHA512
1638ec211d6a24510bbc1d99e67598851d805a66eff4ac90903586114bd053fa0d2fabe211db3f4e8ff5623c6430e5a53a091bd29adf913f31dd401819af84a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a134b.TMP

Filesize
105KB

MD5
18cc00ce5fbe908125fa95d31b1b37aa

SHA1
d8fdad4133947a92471857cda10138e15dc40b9a

SHA256
2ab518e23ee0e1ae85e1e40e3607d942ead5b297d1793355ba0ca5e3ecc4ff63

SHA512
90b22eafed613e1735758ca1bb6483f60eb628e3f42480d674f5815077ac09f5b28415208dffa46dbf683e322c0230b0c6093cf259015d9e5f04d29cb07d6f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1004-216-0x0000000002A20000-0x0000000003A20000-memory.dmp

Filesize
16.0MB

Download
memory/1004-215-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/1004-205-0x0000000002A20000-0x0000000003A20000-memory.dmp

Filesize
16.0MB

Download