hxxps://new[.]downloader[.]la/istockphoto-video-downloader[.]php

Analysis

max time kernel
68s
max time network
73s
platform
windows10-1703_x64
resource
win10-20230831-en
resource tags

arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
submitted
03-09-2023 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://new.downloader.la/istockphoto-video-downloader.php

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133382137806720330"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 2132	1144	chrome.exe	28
PID 1144 wrote to memory of 2132	1144	chrome.exe	28
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 1688	1144	chrome.exe	73
PID 1144 wrote to memory of 2256	1144	chrome.exe	72
PID 1144 wrote to memory of 2256	1144	chrome.exe	72
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74
PID 1144 wrote to memory of 1132	1144	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://new.downloader.la/istockphoto-video-downloader.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb41dc9758,0x7ffb41dc9768,0x7ffb41dc9778
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4644 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4968 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5648 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6148 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5716 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6384 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5304 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7120 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7032 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4908 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5872 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1568 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6236 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5788 --field-trial-handle=1908,i,17373866780042558325,14054522285385775620,131072 /prefetch:1
  2⤵
  PID:2136

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\12bd5e7f-f2e6-462a-b1f1-84dd85255fe1.tmp

Filesize
97KB

MD5
17142db55903d3adbf1e0873f38c7b19

SHA1
33b55b088fa6f2ace92a7a6dc3c87430f3c8f08d

SHA256
f0f6b58c6ec0e6b21d5c471dacf9d9f1bbf2488edf18c94b053b02df9a2a3ea3

SHA512
41566dab28c791151d6a8bf83e03bcba09640e597626c781ea5d741d1535a271631a890518150541be4d3d8267584abdb6406b741ac3de39cd1bafd9223ccf93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1cd94b4ea13deeedcccd729b64a7e7e4

SHA1
a6627d83102861ef8e8ab5dbeb1a7cab85c4be6e

SHA256
b70fba48479d66a40c60d47aae4c0add0ac310f00871711918d0d58ac9df1ca5

SHA512
8b20bdb8fbc46dab5e5ecaff20139ca43e4b6f47799cb2fe0e05c22a3d0d35acec8ec0c58cf4ffcd93d10825e941c26f629ae5323f6bce2c14f9636c8d35dd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
46KB

MD5
03ec8809d142fb0421b9e84aa4fb2d75

SHA1
929dfee32b71ee7ca295d77b9eb2f40cd337cb34

SHA256
5d1a980e5dd31e09e9ffa6e31ef31a0c6ae278917d6a99bddbf455e0531947b0

SHA512
2497ce38ad9efaec380dfb1fa50e04682c8b5bc5679d306364819eeeed23d36cb0f490a6e492fff28b8ca0bba1f2de818c93b9f789035077fe7cd1f4428f0a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
289KB

MD5
0791846e94bb60b33afa31f9b53b51d7

SHA1
7c8790e290152ba966afb8c8100c32f114687b06

SHA256
73751e1969e0d613ea2b70d0beeb25957fe7e524a669699f7eaf67c7569a060c

SHA512
a935af3c9a6c73dbf43288695f9c26ee4d241733968f390f0a4b820ce9c097b391f8ffcb5bef8e8e98db7f620d179fde686d321122a5b49f55375848b4b8fff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
34KB

MD5
8fb1c8ee1acfb997be400364bbb4a5fd

SHA1
7026835048b2f0d786ea2ce39744a7e507154ef9

SHA256
de2ef8867caba2b62660b941378fbb89a77d85512aeee719816474ce5d33a7fb

SHA512
60c4600856b0a5a85dc14cc31296ce952165aa1fcc849460fcc0e89f7a42c64ad9733479c9d5394d3e72071232a94f5c68dd2c7ebb6d7dec83ecd0f9a0978f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
90KB

MD5
c00521db61090f4da29f80e086510a48

SHA1
ae59962b8008f7bff3de81459b33217c7558c8ed

SHA256
848359a7d7c15df26e4b556a850916dddab543e17e6c305c7d1dc4eabbb0bc99

SHA512
55953fa9f014c773978a4b848ab6c67337c7f348865d1cbad5a53d0bc4fda3a49246bf6841e99bed98ca6cd6ba65891f4ca11ef45b098a83c7e05a9da6653b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
64KB

MD5
be87f72f32304de9b08e4a7bb41705a5

SHA1
7b5145d87c27b094a1850a7c34109fc7a1fc220c

SHA256
87c7b8bcc189d505f5ee816abf981b4a9ee696e4ecac544bd67aa2a2be0fc16b

SHA512
718b400866dcedaefb74c206566735db957ea2cefba958199a2419fa0a296b4b3e2e38eb68b642a521df76e4c14c5199bda2f8c5f4137891e57bd398f4de7ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
25KB

MD5
eeb1a3e062434c40fad0ecc5072e007e

SHA1
a655c62f12c3613a307a2a2a7a50df15e59ac0ec

SHA256
dc080b0e34f0579c2b66c068ec7cc20715b66fb1dbba78686999bfb52d35c6b8

SHA512
05bf4d27746a26745d3602b9b2142a58af35e16d387daac5777ba2b949f4d779e99ea059f568c2e410bb3232673962abaa50b16ce4f60f72d6f42ccc284c37c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
159KB

MD5
7f2e1b48b71ec58fda4539018a2f56cc

SHA1
507bf81f52fa8c99bf2c5c8bd59a981899ca9995

SHA256
7f80c4c91054b3d6c80721939242c2d4f68f15e41f251e12641f695d78eb2f35

SHA512
dd7b52119d1179332147984f6c7d8cdcb3388aeb1e8af708ef9036acdde6e7b3900acc965221f4e4864dad89797072e19e5b308cf065a65dda7656be884cdd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
44KB

MD5
b913b942fa48943ecf5e1c12718ec91e

SHA1
c33a2640a1dfc3c74d8fe0242e53dbc1a38ea644

SHA256
cbdbb7e1a05329f7f9be0a2317676e46492911e026da0976555e5f6b5ea10a7b

SHA512
94eb9949d217b60ec6625072e3df93fea4aa403ed78a6a349671cf0e15925d667ce2027c4d4b53bb1d71da61ca22d0659cf7648aa3b634cb92cae35dc7a5f7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
108KB

MD5
d539c048a61ca1ba9fe689cc22a578f2

SHA1
833089c641ae87dc82752d18ee4d610a96a3550a

SHA256
627df98ab03f6d9274dd0230d25f309ca03edb4bd420ca230e62923ab9f4afad

SHA512
e6c811d699063f965fec44f8fafed82accefc894be59ec67c99408959852fb2ae28082075694d20a9dbe3c83a3c0bff999c179fa88fa1bc6a7e181d0eb28de9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
32KB

MD5
caa503170d6fb0da1523ce82aed7e6e9

SHA1
8f17bdb59b6d0fe208101ecf402e1e3a0c687f14

SHA256
d0a73650d490b26af9ee4408bec981c68a369d1e6ffddb32abe1e87cdee21918

SHA512
6b6bcf57836dcd275871337d01e0576dbe11fe434c9d55eca05af740d6222ae74d1cd885c3e81f0f67b0d95056baa58c6fbfb2172db1945b1a4310619b5ba411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
602716660fdaa419ed51691134418acb

SHA1
5cda06aa14256d311401a0d1a7fb805bbff41656

SHA256
12e2d49b40db851ed865260419ae54240b516817c8b68e74a5c394b776859d86

SHA512
bbb93eb82b6c13e56d34bde946b04730fab8a3d6bc83769ce3eeca8ad07b4033842c05dba7d5aebaa7906b9e39cc20430badcd127587027aad6df4490e66ad52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
20a2477d3dcc8575c158c5e3e33fa0d2

SHA1
94f94ad2f390c72186af085134c5323f576ca5bb

SHA256
2e76213daad111b23d3117160f947bdd44163b240e0ada63bf0e68b953887717

SHA512
71fe4c57d0bb84ed422ed40fb7c0e8b564e903100324a5fee236841d9b664a547e1e3d035900b394f9b78fee9742895149381aa0feeb4100af974e53561f7cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c5063f60a51f49ad51be20aec6f158b1

SHA1
fc52599711f0593dae99dc022ec01806a8c726f1

SHA256
5fe0395d2ff7683e0cafd6ee7d002e7b6b20ca4c4f092d9536fd501bd6db3996

SHA512
01435fc8ac40023ac66f68b508f8aa30c35f96de617b1c0137a1bedd568927dad80b321c90baf9167014e2b324103be891f69adcc2114fddfd0b05454a045cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6a294c057e97c103673f62c97d1ddbe

SHA1
71795e94ae335a34c81442504fbc5093cbd0a4d0

SHA256
1d40522e2dec8d79ae63c786041ea3336e645b83eccd56ffba5e8419ffd8dc09

SHA512
0290b3ad1bfba89fe8620ef42b05917a7952ff8ca66ea6ed561804d630086e9b593dd5f92c2781ecd667a5db9277e3071e3b6bd983c253489b2576a49fe6c2e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
052ad3fb65ff88189047dea78326dd55

SHA1
17e50da567ea656fb85363b7b1dc8202b6d8c8c9

SHA256
65e76e9d5f7e66ecbee69a7d8bee7fb68ec0a00fba42900e9b27c1f5c75801d3

SHA512
965516a1e34b527ea1d747660034257ac6b377d5f824f4fd747cee8f727d8e2f311aec1ba4e52b442706bf7d2fb9308ac7574a9a5d940491e760cfe25a2ba056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3dd31d40cb77caa4424a5a11f35dc96b

SHA1
ca2181c8ed3b592f8f5b3d9b1bc904370d19d03a

SHA256
462adbc7895670ae224e57b00a5456a3b9a50689c616616ceb8e1c1029817d82

SHA512
0d3c89715335cc7d757223a60fadec23777213467802464087508bd738f2fef0ce96c5b8ac801b647cdf8bc74ea8c209d22316a4ba8bf615eb5b447aeeaa60d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dd4f106ecd2b1e86b5d58974b4041c4e

SHA1
ff0562dafd0b108065436afe4afaebc0d3a040b2

SHA256
a82f49c2e7ee8ec268e51c99c406e9df2e978c6e0d4a8f79389095ed06d79b61

SHA512
dea33d35eba7975d6eb6da10287cc9a54f6765b25bf811069644ddd6e4da45128329bf04ea70e260764092bbcb94ae1716989f00899c3537e05315a8357c9097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cbbbe9ed-4c32-4af1-8d47-17a2125c8648.tmp

Filesize
6KB

MD5
6b6c23b0d1bacc0d9165d0a34dd1ef82

SHA1
575e33f39310228085dcb090bd03975f95f63bc6

SHA256
a75ccb781c3d99bbae63bc8e6efc60ad6a73c716cbe9bc54e12dd3bce2a3a10c

SHA512
e166ebc986205e51520c9f2ce3a4fe452838844c69523858a1804abc15efb9eb0f5754e466531f6e5df454378cfcff42e5945e4f19ca6016a61e6e0b54f786a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
d1a1faa3cf0f926c3afb1c7796a9d878

SHA1
f5ddcfcb51960bb9490f1cd9ced4f46007ebfa00

SHA256
c345cb8f20c28261b57d500c209ca25de99202f7fabeea7c260d8e916a52bc94

SHA512
744603408c998a2ad6f002afdae3ee898b0ef5bbb23365c7a6ff5f0a002c19b69118a034d4a064904ccc1068ccbf2b38dedaa0e71b1bbcc6726bd1e340e32809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
9e9edbbc1f275d892bf0f6db1c7e89b0

SHA1
8c8e2b65974717590319ca70356eb007adbc2f3c

SHA256
56aa4aaeb4ccfb5dd5913a59f16b6e1aa7542dab1f941bd1683ec9423b18aee4

SHA512
bebf59d39975c40b9d80750e7d6bf91adb6e8493b3117158d0d9dd63ca04a14f1e12c6584614d060f324ceb8411e8c4dda3a01aebf7f26f1cb2dcb65c49ee653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
bcb57c17c9e3515bc66bd02302d2f9a4

SHA1
f69522e8a9aa66cf531c886bc297896accd29a1b

SHA256
9d80c5ab4b4aad13cb9ca4c0c40a796afe36c969e69dca6ebe464947fa9477ee

SHA512
92a43a043a5c0af3024f3e3e273133a7bbb9a9c49dd5ad6f87aae1dde171eb9ef0b7d6bc04a7c9c061dcb63e8233679a903f4b3ba17dffb8046bdb71ec4bbc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
ab938d732e9e8d8a35be83921bdab397

SHA1
06b5bc329d4a0d9949d71175696ad7ef5edc9292

SHA256
7f7f97e1391be826988d04bf06aaf1987009a9da560114dae7455b23cf51ccd1

SHA512
184d4086b705cedc46c99d27707e6accf14203649ba78d16202b8db35d90b494ec6523c29be1c336d3c0de6331c6f0ad1b56352367fdda8ffd3b90ed10597a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58dcce.TMP

Filesize
99KB

MD5
bf8279897b15fbfcfaed683edb1fac18

SHA1
14e504851f3b60d6fcf121bd0b8c9add09926ad1

SHA256
f79c5495f4b436ecb7bc368246d17c80d6f9ebf16c111dcbdf1197f6f101ef91

SHA512
0520d474af64f455f20101c6d05498243e8161f90e0f983cf7b3ba9ac597cc8a46f3ce585aaab3d58ba742aa0b9e14ecf3ef926716b035356338cd62f4b576d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
15KB

MD5
dea5ee5bfefe348b6d2cf984d0c76ff7

SHA1
2259072f124c4d52c889aae36df63d30addace4f

SHA256
440429be61ba002d39b8ba1c16b8bc069129c6ebb949a5753c938d5e6ef3f44f

SHA512
a39f4c128576e5be82f03886f2ab8d8970e7782c156c0f01f795b3f2b081492063f3031a1536f9defc3061b3db7c54df3ca771bbe4d666f008388caf2043e74f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
a636d89c4c25da73d0ad89c7489b6062

SHA1
a4070ab6af0548bb4e263a0e0306af5a1aba30da

SHA256
4770625f0d81f3f27666301f54ae68ee7e5547b23efb25ba441a47e863f9e9b5

SHA512
194efeb3eedb1fca4ec0f92059f28ca7b3661bc84a953567fe485aedb3b6e39bcc4f30f4daf904b6ad1a31b727c619a4c76b18dd02449f4d7607cdd59ed90bb9

Download Submit