87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2023 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

msvcp120.dll
Size

444KB
MD5

fd5cabbe52272bd76007b68186ebaf00
SHA1

efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA256

87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA512

1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
SSDEEP

12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4596	3640	WerFault.exe	84

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133412467539906299"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2890696111-2332180956-3312704074-1000\{88890E32-D14C-4B38-90AE-A2503C525F34}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
1064	chrome.exe
1064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 3640	1552	rundll32.exe	84
PID 1552 wrote to memory of 3640	1552	rundll32.exe	84
PID 1552 wrote to memory of 3640	1552	rundll32.exe	84
PID 488 wrote to memory of 3348	488	chrome.exe	101
PID 488 wrote to memory of 3348	488	chrome.exe	101
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 3808	488	chrome.exe	102
PID 488 wrote to memory of 4684	488	chrome.exe	103
PID 488 wrote to memory of 4684	488	chrome.exe	103
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104
PID 488 wrote to memory of 4900	488	chrome.exe	104

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\msvcp120.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\msvcp120.dll,#1
  2⤵
  PID:3640
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 612
    3⤵
    - Program crash
    PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3640 -ip 3640
1⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9a5a89758,0x7ff9a5a89768,0x7ff9a5a89778
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:2
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1680 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3392 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5204 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1276 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3860 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5216 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5524 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5676 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5836 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5124 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3824 --field-trial-handle=1924,i,10131373817492772348,13120639112776241923,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c343e6e6f5b3d18b144c9c0404f12eec

SHA1
12723c7c1605feff9112db7617c728a2664a882b

SHA256
62163827c9b1fe02ced1122e608e6c567e98116ec85d6c96e6b64f6ad55ca1b6

SHA512
040c3de7ae3f39898be9b16fe2f8a575d621dfa93b7f3c9d8d0d42f096ad2c006c1b7635c3a5710f205eb80932155fdc2f741a9baf3588ae2920dab079c60cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
63a344ac4185391529eeac0abcfa13d2

SHA1
201257f74496f9c0ae5462f89b09b0268d571647

SHA256
72917536847eb432a6d290a4e09fd14e9920863044177c1a37ddf8352317fb31

SHA512
22e939700597d07ebf1a7f99a0f0f4e8f90dad00fe373363d59c5c385864b9ca65386d4a02c7d8cff443ec8093cc940e75b70c8c8b66f18d3b64a23a42d01ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
786c00cb676c063e256854d625d3a645

SHA1
1874a233322f70026d18a846f7094d89ec8db479

SHA256
9c5e97b71d2afc7e182e9857b64e928595ed5e6c09be435c86248b5a1daa3d69

SHA512
843a0038cac5a7c634099011882332a66b17d5101c9af5d9e5637b5431795116b58ddefd69febe991e4eafe3803a6f5921a8972b9606b0c10cbe2aacb6763a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
bbb9349f49c71c6dc29b3e6deb617e97

SHA1
dafb030cb874bc9298b34a7d7443f4ab0fed3800

SHA256
4c61cf59b075e6cba6789e0a41d6ae71f2f9646178a69f750283837478e9be78

SHA512
c292d7700ce859f6ba1c6cad039bfc1fcf17e2daf04eeb52db239cbebba2e9dc866ecb591fe658157744967eec0f0fa788bbcf87ca96971c3d5bf569f18e499f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
427111e07e838120bab326b2dd8e61d9

SHA1
2fc46627a0a04d0246ba7c1b769b36be5de88531

SHA256
eb78fc29382fd36eb704a99e2cf31fe1b3727f170cb069f82b3e08c88e624c69

SHA512
665d9b6a23bac6cd89292d191fdb3fded8c2444bc31f149e91616f4396343ed5f526e97733acf13988b2555590f5f79b221c9ceb4b69774b437afaf833c73067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
223a59a1f274f9eeded22e0bbc39f58b

SHA1
661780f918000b20595f4cb01b3efc8af8cd6ad5

SHA256
7895238ea6d58af57e8cc0367893271e5eec1497c22c27f6614bead10081c1e4

SHA512
5bbda1c3c1069f051d3c8116dadbff80815c11a9c4b0a0ba4537175019c23c2c1c11500a54924d2c360ac499913b66ab1aea75dfe69c695302294e619e1db0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
defe90dde3c5ebbaee6949e579aad366

SHA1
e46ac41f5323c987affc54a7f114ac539ce6fd2c

SHA256
f2158a9105c723632e7dce6edffc35b7fb19c82f58910a47b653da2beb18986a

SHA512
5fdb2c0c3bc3b0925859d17a2831db7186806c3c0c2df2fab3924b6a8fe87a4149c8f8a6af9ffa89183db89a34195ba6b9c0bf4f5c268edb81906cebc7b09252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
70c6bbf03becba8c4d042ab0ddbb536d

SHA1
a74377b06efc3f06ac9571930fb3a495853f6314

SHA256
862fbdffe7cc4af1140a3c25e7ce7e716544b94cb786f66610a5b5525e69dfcc

SHA512
1cfe3b2ef7461f413cead5e0866b60bbc6bf91bd043eebb6ddb017c6eb73c043678986028a3d97926c912d5e797167b43f8f27be036f80d378797702e9fd8161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db7f11de3cd31d90cf148e707683ade0

SHA1
bb11d34e3f0b648dfc19d17dca2c5e686aafec94

SHA256
2cfef4a3e8002bf65ab463880c21eea1dce75bb1f4bef156d4311548c2d11892

SHA512
b53d5ca505bf73f5c9342d2907709f1a46fc9eb0033d1b5b99b3bd7755f052d6d8f09094ed27db6190ded93581c8bc9bdd4797354ea92589a83058b214018f4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
20225e3d22f8f8d7c712fb98a8a80417

SHA1
6ee134a48d88ffb2597bf63f2c7d710169860ee0

SHA256
dcee48aab652d42b796ee5db8131719e5a2eab8f76fe7898a49504f1e2c92f49

SHA512
a04b600afc1df468b8bb64794fab9e9285b23794db8fead3de9b906e3800f40c03e8b964f7e62ab193a75c86fb0b8e7accf6f708f496304172f802e410c1e12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
4cbf88c69fce773bd7da30a1d9678b88

SHA1
0bf2cf58b974616c2d3d1c41c95ba11858da2fbc

SHA256
edb1a2e9f83c89abcf478e410a0cebc776a901e98a58def514ead6f2ce4fa9dc

SHA512
7bd15608555595124ce12a3f5ca9e38b341a616a9610dd0b765c606e4ea64cf40e361c9e246400c811cc6b6245461bf4c490232374c895ecd7f3dd98f6d032bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
b5eec4bcf41bfd7f607d200f76a23948

SHA1
6aae505c3a96c65b4c1b91134d07e27534951eba

SHA256
d4cb036d243145ce42d5bb9e16c92f8b77af7ee3bd950c0a7f02b26b47143d9e

SHA512
4acd4d1f0eb9900522dafa36be6a73aa8ef39c41afaeac8d4046308e12ec76fb82e4d10da8c4b1625f1bd47fa258b20ca669e882c095ad7ffec484f3459248ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
33b0172a1d00b7c7184134585710dc58

SHA1
698c551968c59876dfd4e54a5101970601490e50

SHA256
8f682f5c730ec03709f23fcc7ab5a34924b92587832c7755aebe65dcb4c8044a

SHA512
f6b9e00e753c9b6831e30d8dc16b64952d3bbcc1a9ca8536ceabef2d47d51ce330b7e6940fc0adad4a936392f05599c0199941a071c010cdb83f9d025c31583c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ab3a.TMP

Filesize
97KB

MD5
063dfbcd7bf9208a26d7984dbd23ae22

SHA1
74f99cad51c9f5bc7bc2b6dca2f3619ad82391da

SHA256
88ffa5e3cc055ab3480c6d6d80e312d124c5be12817f3da5dd66c40a37a458a9

SHA512
5a929972d205c78558413af995b162b92cd793a3b0803676f8887b32dd08470edc779a193b19861eebecec97230ba30b3293527cb17e9ba99ab6f37a2a560e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit