hxxps://www[.]mediafire[.]com/file/0gbm9wwwxtg1aiz/Silent_Hill_2[.]iso/file

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/0gbm9wwwxtg1aiz/Silent_Hill_2.iso/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3892	chrome.exe
3892	chrome.exe
5168	chrome.exe
5168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe
Token: SeShutdownPrivilege	3892	chrome.exe
Token: SeCreatePagefilePrivilege	3892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 3960	3892	chrome.exe	75
PID 3892 wrote to memory of 3960	3892	chrome.exe	75
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 1308	3892	chrome.exe	88
PID 3892 wrote to memory of 4884	3892	chrome.exe	89
PID 3892 wrote to memory of 4884	3892	chrome.exe	89
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90
PID 3892 wrote to memory of 5020	3892	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/0gbm9wwwxtg1aiz/Silent_Hill_2.iso/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2dce9758,0x7ffa2dce9768,0x7ffa2dce9778
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:2
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5072 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5740 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5944 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4800 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4768 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6192 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6344 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6536 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6504 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5692 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5736 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=7064 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7264 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7412 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7560 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7736 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7236 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3240 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7868 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6556 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7608 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7432 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1684 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6824 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7612 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5416 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7268 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6560 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7056 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4620 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8212 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4908 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7440 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8624 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8620 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4656 --field-trial-handle=1872,i,13460956712333206099,12434469420828343505,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
26f7fd1701f4c631bb09198b262f7079

SHA1
673deee20c820ef6788b10e64bdbaa29e1444d44

SHA256
896ac17b0be0e087c15981da4157970e64ece2e5bb14e7df7c2e3b89dd475b0f

SHA512
60d6ccb5e2fcb15b525412e35d4c2f396d36f716020eac6cb683bd1f8b6ed2357979b4da0f8d5066bee77b0cf1704365e7cedcc74db9ef413e4a3019e6260c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
25631c1f7d31003c879db666d8def3f0

SHA1
3f0313a6a486fcc5e62cfcffa04902bff734742e

SHA256
2f1103672bd44a40e6bb033d52ec1ffd4fd2feefc02ba65e1e628be8b1a624ad

SHA512
1cc489a1d9c6d32a26e585e44a108a8b2c26efda88547d87e77e1a4215159c01816a8ea7aa1cdd8409a5deca0cc3d31a9055716fbd00c6948bf72a3172477879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ec045121f3b51287725f3aff336b6aa5

SHA1
1ad8d694191fbe34af85916e1e33ec45cc5e38ec

SHA256
0b9fce43c9bd43d31b3f359e1e2741996929bad7b3eaa663e61a44fe3921760f

SHA512
79773bc7d544f0eeafb472c5842f1f6211e356129ac1267fb09af6446781d5374b837d429e8d93b97d5744f375be2c42aeabeb9b24ac6bc6f69702fb9ce9ac6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
5d9b1167b73375dc8dd0dbc85207a334

SHA1
4088cad247d7d15b96a5b03d2cef4569993fe79e

SHA256
0d988e8e13630ef211bf7bfd0a123c83f7c905f465a0422a584bd101bd34296b

SHA512
06aed1e6ab5d29104e2ba2383a257007fc1861a0c06fafb311c1113d321f76c0a4c524150257dabd18bcd59f033575bafdcb8018a876e68c11cf080338762ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
db7e1c700c3cbca9e3f3caa65cf68036

SHA1
cad5fdecb36745b3d56e551ca5e7c5725de63609

SHA256
c6907f9e4a40e17a7c43df7f0cf526f9cd37f884ff75f669509dddb90718a103

SHA512
0f3525879d12ecec9d4cd3cc1a759bbd06e0a40c6ec428d42e93498b15dd9c9c6afd91ab367fc18bb0415b3061e98b8287f15c447b9c48ec358ba1a4b53cd0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f8e393f25cb012f14ce9a5818a8df3de

SHA1
e671bd6c23917d1faec33daf6cd5e4ea6c802b13

SHA256
a46840a6c6bd5a7afe5092177887c748d0a50b2f6426d5421772b2fe488434ea

SHA512
75aa3357e739eb0f52f4300dca5acf7f8882ba5685a6103d7c74de72da90ea88e212210c085c7d723b4b405e0be697cc8fcaff29bef70004d046497941561bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c311f2a21257e1af97e339b2dd79ba31

SHA1
e1b4f504ed3ec022738e5060f3e9b1e6b5463332

SHA256
26665883bfb0ad3e84b5a61efb60f4f8ccd1f0b2680262c9a3b10260fe57ab14

SHA512
87a48c86ddcf2aeb02b3bb9861ac53f657cddcef0067354270cf63a4b1849ba8addfe03eb5f05f7a801babff864a7bd7b9d97fde0c2ed669daff5fe5cef2c12f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f8c46b53a20237ecf07cdcc936ee99c0

SHA1
ca320d2920a17a0d0522563777f957638e12178b

SHA256
8c01abae7b3d422108a13bb13c1597a672a19acfaae49d6d47cbde7955b31c51

SHA512
c4b9fc6dfccc6cf99efc87c969167cf22d36bd7b908570e2811810624e1a934a95e4f80b340d4e512ca9ee20366092d9e460a9a056086bf9e4e826430f168a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eedbe484-640f-4c79-8855-52c8f38dd09f.tmp

Filesize
101KB

MD5
1fbd804bba696ce8770dafe5249ce6f4

SHA1
8cc1de9a04ef7a581c37917a6514cded21ab7fd1

SHA256
f288f7a6a3f6da0b814a0e1577eecfc4c79b5cef5b134c5dcca00fca522788aa

SHA512
b54ced3dedaa474f6dc6c03561af3281493443afc7fd3f2108c6af90e7aedc2e42774061e8d7b19ce359feee17aa325394f56bcf92918f5df8c3c6697c6b7aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit