hxxps://google[.]com

max time kernel
64s
max time network
68s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
24/08/2023, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373453443969276"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 2324	3552	chrome.exe	70
PID 3552 wrote to memory of 2324	3552	chrome.exe	70
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4844	3552	chrome.exe	74
PID 3552 wrote to memory of 4488	3552	chrome.exe	72
PID 3552 wrote to memory of 4488	3552	chrome.exe	72
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73
PID 3552 wrote to memory of 4468	3552	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb03ea9758,0x7ffb03ea9768,0x7ffb03ea9778
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3508 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4880 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:1
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1908,i,15497775770470257166,11617583371398725076,131072 /prefetch:8
  2⤵
  PID:3528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
ec96046e10f175539dca6fcc0c25e283

SHA1
07d1fc52cf117187f8f59f5fb15ec5fce8d8dca8

SHA256
23e302730864d1c3b679b1d5ce64f9d340016b6981a95d7c7c844262e3a81647

SHA512
0961af4a84298464ed9bb51142ac6497bbd01f7e16989a2130ff8bccdae85e9a73e455a47c279d027cab453146daefa6fdd20fe01709b649818ba452f1b252df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7cf61e1eea0c5b914b0081cfa5bbe548

SHA1
fb08a27194c69ec11f1c4eac4694218b589d8205

SHA256
5374d0ab420518b3680062db69604c2d670cc8fc9bffca0270d4e646f17a1484

SHA512
06241db7e793420376609fc7b901662072223ced12462704241636edfacb3a8e3ca3dc241df20f2ac560689c1f2d393b34d44ebb54bf34ae012a2646e4a3f9a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5f2b82e23e338b4b9f550e5ddcb285d

SHA1
d9a0c5851777f7ad556c3c4d193161eeedec840d

SHA256
877e19a6304da53d54462257abe68f7f46c304bf3f977ed8fb87e2c025a2407d

SHA512
2d20df82a7350e63a1707f6a3742fdf00b10923706aea473798d3c9c4f3a56e9f4998c1e70c0a6e433ed05fa4c4aec9de9ebe15628f91f4773119eb8b145fd65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43a55ca715d07e9e5997124c65e35943

SHA1
8cc19d5bf8892b45b432d5e1ec188f9ec8992b5e

SHA256
d04bd567919d98c645f31cb19cf3cfd9e1add2316c9d46553261d70f778efe59

SHA512
8623198008e940d7c3376d37f35aa4f4ade289a7681b1baaa5ef3df52b8bea41f7a24875a2bd0bf8a9f9c1614768a10e8098b81f565a8f9e9e3a281dc2f4cd3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
30a464d3a799338be952618a788aeeae

SHA1
b619c94f0bb731f8dc6167bd00ee519644453cc1

SHA256
de13a59a4f601e6798f6225857f97c8afe9c833587c4e891d83cd182ea657847

SHA512
8561d5f089e8a115abfcc9cde60850bf1695ff5834fe65d6d3d5f4676da04e1b28157d30800cade92d8a452cce6980866b49517dac21c80eeac68fa4d4db5042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be804a3785c54e873ecfc4e58b181fd9

SHA1
5a15fd0af8f94417b71120c37ef38ce73bed15cc

SHA256
5fbd6cb75f46a492fe5e474274ec2961856620b5b6950ab589cd94e86027920c

SHA512
5bd202d75bd7f0472e70f9bd6483be44a902e21a32cf6b4e58712fefebde709e46d4f651453e0b182618b831cb0ee7a597d1af3fe4896ececba337b22aa5f8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4152aaef0be17fce359081d19c774489

SHA1
2e0f30afcdee65090ea3d9f5b3873cf3acc5088e

SHA256
38298b278a561b5f606a17f8327518093912bd0dfab8b19ca1175e5b4b07636b

SHA512
a13f860c42e82b2ee08a77ceb964f45fcbaafff48e9a09ff3ee537beed2a453cc2eb8507bd766ff6a0d82f8e00431ef06cae5ee596ddac2b87faab7798603a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c43f0963cf410a05791dc2aefa47a0d

SHA1
7c5edead575a7e4a5d22f3038c806f5c5a922dfb

SHA256
0f06b74b86f29109b5dc17e70e97c969b3803bd45a7af286cf02870fafe83e85

SHA512
9f06cc1c1235f555140446b61770dd776dc26a5f4afb805127f95f9c875eaeac9984927460d5ab5fabc9f9b49d865b4fc9b048e1a31b34d8d1a8b438c3f02ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa5767f4173b5837cca659815df763df

SHA1
98a7c8d17f8df9e5489faa20476630afb08052d1

SHA256
5f2f1c9ce3d09404c02a8a65f33751ce63ab1a19e6b5160f126d4c2c9997b895

SHA512
dcac079879bd0028fb671bebbf08947f4866748bc9940df6cf69afc549af96b830bf9fe15774c46c6b4c1703aeadedef428b0e6d3b717f5b8aee75ebe178b86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c33e964f0f467bb8c6c3163077c7c7a5

SHA1
107caaf73d159d09d52334c704b2de67dfcd6ad9

SHA256
980694545ec02125b7d4d8a944f468c6fc5e8b76dc74d5172f1be25076cbb42b

SHA512
b41ba35eefef20957b99786ded004bd259efd8d7a517487772f322d40766805469b05b19f851c2daf42f3f67badc8e412913861ec94f9a91c7ee52b6e290da66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
6365bf027d2afd97985bbb02e42b4966

SHA1
7f84b2442ba552d5a7e528b64f23c1768473daa3

SHA256
c3880dcce0a54e97e7aecfbee1bd7157b95ee4b6050eb56f7b3e5517baa48161

SHA512
de37d4881d202a064cf93111c761ceac678c42338a1db08b5ad0a054e73709738c7b2e364017e677d647605f45304bad386bfbde26212143e1d8864acb358e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
4bd42e14ce564e1d52b0a05f0b308bf4

SHA1
38911668d91aada901fbcb11bae4a62d321ece61

SHA256
ba3954fc12d9ec8c6bf2271422f5eef1a264b8af08ffae2d20d706f972091b32

SHA512
6a0e2bd8876babedce1076590a7b07b12f3e22b4688b47c73d56cc4e26e83d98b710986190d3e5b0600e81c1dfaf34da389b90373068987829a9757d84aa884c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583340.TMP

Filesize
93KB

MD5
e4ba1ff95d8c6670d9c584df5d12946e

SHA1
cf3dda2816387dff4008e404de58020e0e8e2c6e

SHA256
8c3e6b63262fac289c0ebc3f9be97360284d1895c0781898c0b2cb859e1174b2

SHA512
b8bccce0f3c4242d7efee96ab5edaea9c8b7021fa4117e77031067f50002ae026154802c5f23e7d053062797928a8f5de9a6554656a7b95391ddefc2ba111db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\665293e3-a6d9-4b88-8b45-32c778964bbb.tmp

Filesize
2.2MB

MD5
87847361d23f6bc94305327a3bbfb003

SHA1
78a5d1d847a19a0f2155a49714485b484e35e766

SHA256
072eba8d9869cbb3238e80d2b0adfef822398062900f4f58cdad8b64629a2628

SHA512
8c49f9a10609c9ed9241a5b51230e3ac0adf06e3d5c5001882f8246d1be3fe22f09e699f6b9f2ef84744b89456de425de2894b78ec3fa150f6de9e1e9d7ccb4a

Download Submit
C:\Users\Admin\Downloads\Cerberus_disguised.apk.crdownload

Filesize
7.7MB

MD5
c1285b8df2599ebe3c8af1b5076d7b2c

SHA1
6c2c5117609c01ec2869d256ae9c750723099584

SHA256
a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6

SHA512
fbdbed0db1f9ff75a210249e907d991158008acaf47bd3b1f9ccaac9f19a1b79638c9ce4e90e5bc9fa74137bd4a5cc2aa42e7015e6c55f20622e59757eb98cb7

Download Submit
C:\Users\Admin\Downloads\Cerberus_standard.apk.crdownload

Filesize
7.7MB

MD5
52e71e7d776d0ede14bd1fc9e5c7478d

SHA1
009ed7a2c1741d8d7b4d7349f89d6635046a472c

SHA256
60b7d7245adfd8c46d1c0247e95eb5c4c764802c271623301289d7dc1b6baf5e

SHA512
0a2cbf616e7dff4e557fcd13169ed2b8474c52859e66e8dd85b19bb4a089bbf211ca85144355128e918acdfbd1bedcbb6b74d06303517fee671659e568fb36a0

Download Submit
C:\Users\Admin\Downloads\Client_Cerberus.apk.crdownload

Filesize
2.8MB

MD5
216401b771368befcf12cb95ba85daee

SHA1
64f8a251daaa22fead770856fe38471d39d26f11

SHA256
f41fa15a2f0f89c96ff292d0f64caecaa17fd5fadc566e4918e5ab6bcdd6e12b

SHA512
3c0b2ff16ac472f145c445d1893275d135fc4de3bfb88294e1fd09abca45f7f7e19465f585cb62782ff66a995c5130b3ffa0e7b290cdfc0ad693985449c47832

Download Submit