hxxps://fmovies[.]gratis/movies/blue-beetle-x1565770z/play/#video-player

Analysis

max time kernel
1800s
max time network
1784s
platform
windows10-2004_x64
resource
win10v2004-20230915-es
resource tags

arch:x64arch:x86image:win10v2004-20230915-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02/10/2023, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://fmovies.gratis/movies/blue-beetle-x1565770z/play/#video-player

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133407321705287413"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
180	chrome.exe
180	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 3960	1256	chrome.exe	36
PID 1256 wrote to memory of 3960	1256	chrome.exe	36
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 552	1256	chrome.exe	86
PID 1256 wrote to memory of 1492	1256	chrome.exe	87
PID 1256 wrote to memory of 1492	1256	chrome.exe	87
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88
PID 1256 wrote to memory of 1836	1256	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fmovies.gratis/movies/blue-beetle-x1565770z/play/#video-player
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c7d9758,0x7ff90c7d9768,0x7ff90c7d9778
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:2
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3908 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5012 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4960 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5376 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3704 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4692 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2616 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2820 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5368 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1856 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1480 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=352 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1480 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1676 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=988 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2288 --field-trial-handle=1828,i,9047196579503954160,17263496007118381885,131072 /prefetch:1
  2⤵
  PID:4484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x158
1⤵
PID:3780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
26KB

MD5
9594d58807c189863e172c8dc687d29d

SHA1
e8d5bf49f227625b495b239d60ac07ca0feeccf8

SHA256
e0a5f386c4f4b731166ebb973758acb7a5c49850966fb81e89e607cd7c8b9e83

SHA512
68b8a71e81d31e22ef4961fba9854160a158131b25044d419f4b6ffbb09ba93308abc4c771cd035f45ae65d0944d25ffc221a01cd7510c352aae07c86a7b6082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
17KB

MD5
c849f417b00420b226ecd775cfd487cb

SHA1
d86cc95c2b263a81f0f086e6fbb6c8ab0602b231

SHA256
f40e0b542c665881dd040a4282305b97740b269c12cabb4b679ad3d34fb37763

SHA512
c07aa93454a9372588d29f1891e50d744bf7a676b8a7418126390cbfaeb99c5a6850b60b361a722e6733d9c61b8ee88d7dd11805c3cfd8dc3989c8104d172ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
e4c2271ac74c192073409f1a88f9b3e3

SHA1
1b41008baca08f19598d3cbc02ff686dbda06f70

SHA256
cc65641db4b454e4ce10300064c1e2b08aad3e9b813d0583143fa85fc8416d79

SHA512
283e659c9e931019c4e7202f71603fb0ed4639440d868ee06d7f4b54d2b471a4015765f02bb2d0f5d29192118382eaafd6651e723d94d428ac088294054929cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6bb9c7b3855cc97d39a3d11e2b8f66d5

SHA1
a0fd1c7f37972ddb40143f3e3e2561b25db3c6a5

SHA256
89889cc07c44b0777217ffeed3fa3f72c3995b32285cd4ca4385c0b806498ccc

SHA512
dbbbd12b80823944e4307ef74f521e8f84c7853a503a7418984eac28d82e5b36440bdb93d12fb67be3766c8ab7f73eaf7bba59d848a3ff3604bea4e963f0869b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4abc6d633ac6427f3ce742927e0e4c57

SHA1
53640034c11e3b58b854ba65b53f33bfbd254549

SHA256
57d907c34693ce92ed0520350b105c30e0538c1a49361aa568f850501a88b4d4

SHA512
af29cefc734761bbb7d8b2836f437464f3384ae0cc4ae59b01cacf66dc0c84e58b1649afcabe9f41f0970caffca8e4236bd635dc8f81da8860848c7201cf55f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
abbfa791fdb2ab7585e2438bb381787f

SHA1
f7ac5fb04000f6c7d011da677ce909f5beabaaa8

SHA256
e45551c1a4e51575a8e44edda6f5887d505fc62eccfe3aeda6150e0cb5d7151f

SHA512
9931dee920c74ebea0c4fef4d099c5d048765eb37979ac8a2402f6c147a0fe610965196c1601f29628822c02c5f3687d4b61d35dce4533544611e81d8573275e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d5b0b76e-ad9c-4aea-9047-26c39345a3fc.tmp

Filesize
702B

MD5
a0c5063580af94d9136db76d07ee99b5

SHA1
f4982d3c62e5a1baaa79cbb09af93bf7b56b0328

SHA256
33109fc032bb39663043aeb4023ffaa591de102e063815abf0a49b64a5f1e53d

SHA512
7f2993af3f08a7221f9c7bb7174b97e30b4c8ea8b9e432c451ab893354ce089a9df33cabd9e3ef5f923917502ac396230e83867ead17d26374870919fd89afde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a7e41487296d7ec3ca506e8bc6e64d14

SHA1
22cbfd39acf028ee2de6fc9df60e6dc0871a92a4

SHA256
5858fbc34ca9d3b328dee08f54563b274f2f5ec4e9775ec1d5d34bd5b9c003f6

SHA512
97e42ffa63511adac264f7aa7f59c479178a3fe95e623430382e868d7742ceca5e87480578704f0cb8e152708b8deec1fd2839c4f9d7cc7acfe91e660dde49ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e6ccaa211e489ef643bfd48a16fff408

SHA1
c0120e949e912df0297950c7e790ab7a3ef2c7e1

SHA256
920b55c22f5cde628fc2cfe5692d937d5badf90b0d2746edf4b1d306190592c5

SHA512
81e487482f76ebe0ffa654b8f47cbeeb53dd6fc8c9a0259df67351a474985b20dd8ccf73c806cecfa193695a3e11423a9e88a33b6548b302c9cc375dfb83ce60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e074a52531f9a0ebf374e2963c73e75c

SHA1
b930f11d72356a0b62dc69bf08c4919484c2ce52

SHA256
7e8ab77f9564e4c96f27330750178343089d46cdf1736c0ac19bc86693f9f260

SHA512
ea84b262c4eec278486dfe9d9019a5c12f4e2799faa2043f4b3e32f60d7f7f749ff485c872891cc131f926730344b355e6eb21f1e510d57edad4f092ef3b752a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7dc8d3202bb7778fa447b9f146ededbd

SHA1
56ad7c86a77c2e04cdb8c1bb594a61a9921f4b19

SHA256
9e2dca7f31ab09f03c2cc04f2d984de076e812147ebc3ee9065998d5a5d840eb

SHA512
c5db39c519b1469ae0ec64c1243eeb4628945a32abe9034b4f13fcd97ffeab09453124be9583c0ed23245a7ee32014da85e0b0c080ebd2e4a01c69b5d1ce0bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
60077579218e9c4b54c2aa21233188f5

SHA1
983a49d1e93841404fc11ab0486fe8daab168b68

SHA256
3a01ff9263ed38e6a9b8926973bda2be2980fad6dcc59285e66a7cc1edb673bb

SHA512
e577e5c8aafb7f5c34f83bee016ce372b69bdd2489247e923452372945d085be597fd7b390b6bd0a9eecd1353a72a39a2c8f2720b36adf2751a5271b29241db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e59e1c1f3c77de5a889bf751f60c4b95

SHA1
69a823474aafb07a3925f5da4073f58c894312ec

SHA256
56767d009662f507c8f8df04eb14823816d2c53ffcb87f98d5f30fe69c2dc067

SHA512
6fc28bcbd6e25b56dbf9c25cf431ad8dd514234165a8ac41af0d4429e59be05548a70786c86ccfd379849a8589146895af7b03c1b6d069683b803ecbeafb44f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a9e86cce6a26694aa404c0459ddae7fc

SHA1
74c9ab58a7c7d0ac0a0631bc7f4032513eb8fd1c

SHA256
b61e041d48bfeda7ad77e7c726572f576b649c4397a21772e647c0e1bbd02412

SHA512
44f88815f817c0bb1525c4a7708667f0bb6d709bed31b0c1e9466c5fbbb8be1fbcad3fc24fe0154e286da9ede7e40334b2cd4745d5b61daa61e0a8708db706f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
776a99f5b72bead1daa06ca5aaba9876

SHA1
c32f05858915e3eb55f1697b0f70f7d601872542

SHA256
0bfd931f87b7e6acf9cae442f786b95bc2b56de0329f6c3090b5d493476d4397

SHA512
191e5c40dd998146db6267b23dc5f7e86aa04f4838e44d1f2320809ac5aabadc5dd1f44b69e22f309a998c55b819db7a607f8f30f2d710a35259bee7362d0d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
afc82bcf0092e7fa96bc168c49634a6f

SHA1
019d22ed684915ffbb35396fd0c7686bbbb7b8b6

SHA256
4d4ba6e08df6cb8fdecea12f940a155825a6ea887a0894961223dd8acd2814ec

SHA512
ac62a3a6bfaad035c9be57665379e76647dfe47f1a6fdec86c00eec5dc9e67c523ef318d11d3b90f3a0750d513fcbdaabddac622d5bfe3e88a16cf774ab9994e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
beaca3bee6e5eec296a3c975d11d424e

SHA1
b16b79dd1da2b1f0530832f25f8cbd6436697787

SHA256
d249c1dd9a4acba4d1fceee99e3f9023bb8d8536278beb62a8a0d099d132bd46

SHA512
60acfd4fe87b64a67d35e35c22fb4fbe5030b0be33dcc077d8cb9b78cdb26d2f445b4634bb016c306a931be49c061dd7f12b7538c450a839a6dac4889038c6bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0154fee5d869b319fc32bd71ce21aeb3

SHA1
48c6403afa8491889bc99841504b84c3770ddd5f

SHA256
a0d3c703794d54779996d9b81444ff26a5234eb8338c3d861a916a6ccf5124dd

SHA512
f55dd44ffa200ae6e41a207857a9c5d944240537a56aa05ec71657c858188c102086cadd0e35898ea518111e0f5d2c3b4961a729f6c800310cbb891b1a6df4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d7ef7570e1a6e582e7c4df5d27d032de

SHA1
0b47460693cfc3ea431b069b962e94d62b67a84a

SHA256
382fd6af16355c1a9da913d6061d68cd5ae156a79ec18b6e06373ef838b1bd52

SHA512
9d17e42a87f714783818abad294791c7b156449754d6bb819d4d062e7be47c8b2d587ab619448af429e65d802ad59d564336e448b9d664b9772c53595861bfbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
48KB

MD5
01a00f506e0705c57b9bad0d8d7951a8

SHA1
2eac3b78bc69ec5314bde1806ee22b56744d7d32

SHA256
2749cdf487a5f267d41377bdd132165dfb17a0861c67cbf16fea8ddcdb8552b2

SHA512
70d9ac7e6c7f63fbe3c455c4f55e6bcefc59055944112ca2d1cc41e2a07d0faf912779f70fb6be9a2c5b6ecdef1ce97f5961dd2de44ae3f7e1bda094e14c4e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
92KB

MD5
d98ba181e048abb878bc8d2960322eab

SHA1
ab876d99c36affbb13b630e3331b630a9f81d8c0

SHA256
63ab8679c932ef487a0f0ffcaea5d3d65ac27c7cef93165e8b36cc74e6ad0c83

SHA512
b2dfcec0d51608244b5e9052916b898383527f198a05126871502a800118c08efb7d76ed5f77505ca112d91e9305b9bafa787931c92eee24a15ff23b355b252f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
4KB

MD5
b68c3f914a30d9aec1f6c8d5fc4e846a

SHA1
172146795491364172656a0cddbe3562e0ac0593

SHA256
2fa696cb8315aa06956d9a111564822e08638bf212483620b4524d349080c21c

SHA512
43f7cc468c155a1350b53f5b89773487fc9024e638cd98870083a2e74fb8922e26779f242274848c3631ca35315a34857973e6af945e27add02d140d8b711a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
0b31812430c1ffd0aa76ad90635fe7c6

SHA1
e0b4617ee649409a765c426b7ac47f30927857e1

SHA256
6583c119fb29b9a7ab18468fcfca53000a69e8c88dc1e0c628623df8cac72cf1

SHA512
8045f8f547ba69f314751f23618577b34a5bd06bb3f48ee58d941e9b7a7a2bcf490e8fdd79495e4879a1bd37b3f2db611f7b2a50b7e64db0194d56cc90dea35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584011.TMP

Filesize
48B

MD5
fb923c7d600f20440d821ff0b8f4ab94

SHA1
07dd1c3e9b3a0109042b9559501a519611f86ad0

SHA256
10b81a8d86eb60299055ef38361eb8e562819e7b390db077897268dc6b65ced6

SHA512
78a885fec58a0afde5d8167e6383791d7d5ee8cbb49215c8f7a8d51113760c12da4210347837a6f840939484fff5eba7bc22bb4ee21b8d7bffc31c2affc66bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a1733fc4-8d79-4e0e-acac-e94d230c6bb4.tmp

Filesize
8KB

MD5
e4795f238c5201494fada2048ecefc92

SHA1
d7d1e1168aeb11c284447d7ef0f96b68a9425119

SHA256
debb6eea492b22764a56958bdc5a9ba0ad33a85ab1244ae042e8fe71cf5c4d9f

SHA512
cd14fd168bc49603e68a456d5a1da2c5eaeb93b0b34110606a5645333eb9c10d2bea5198dfcc10fbe0990daf582a6c767fc6b90d3c9c8b2b1deda15034b3fcb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b84696c9131b3401c581c391dc7824dc

SHA1
f7882ffaec492fae30ab398b343d51c7c0e22436

SHA256
e808a116b9b3eb7fb0b8d5e93f33c165f5cda47085420afd953e3f4f6f19ecdd

SHA512
6475fc302379960f2279dc41db6aac9655e05286c26a48f140a2876f9e958061d4a2c8b3bb1f945501a138a68e452afb6f10e65853e486d35430dc71cd25ce44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit