4e0a3c80bbaec9387983f025a4f4cff48dbeb46be38af33033877352f0a59bdc

Analysis

max time kernel
1800s
max time network
1693s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

steam_latest (2).deb
Size

3.6MB
MD5

eead578290df86c4e9088fe101773337
SHA1

53f0fa07e9082e58200cec7649dbe6c08571e54e
SHA256

4e0a3c80bbaec9387983f025a4f4cff48dbeb46be38af33033877352f0a59bdc
SHA512

76b2dd45579b5defe29ac71ae66a419659a8b650e3a23f7b768f5168a93d25c4e910b7e999e2bd253b52f765ccecebf0f1feca6b8e3e124ace3a4a027ddb0dfc
SSDEEP

98304:cgfCQZkTshXJjZUnd42Deno/lSuv9rxEzoowoW:cgbNXVZUd48eo/lZFgoo5W

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133425599258148868"	chrome.exe

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

chrome.exechrome.exe

pid process

1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
5712 chrome.exe
5712 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
1932 chrome.exe
1932 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

1380 OpenWith.exe

pid	process
1380	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1932 wrote to memory of 180	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 180	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 5060	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 1528	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 1528	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe
PID 1932 wrote to memory of 3624	1932	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\steam_latest (2).deb"
1⤵
- Modifies registry class
PID:2192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa38769758,0x7ffa38769768,0x7ffa38769778
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3716 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5496 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5720 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2956 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5544 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3736 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5584 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6040 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 --field-trial-handle=1884,i,9538917725460450586,15954108766230302884,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
11deaae38d05118bf7d93fba813122b5

SHA1
730628903d70ed0ea6fea07ae344c5904a4a6acf

SHA256
4f4c5c2b070adf9a3f1fbd839dac5e04e92f0390d5dd757badc95b2242cd0d8c

SHA512
fad4b89b097f827e3f4b38a6a77d330e8f40c3b295748f9880e1b6d3c969e64d5a78cf802a04056e9901f00eacab489d2579245469bd773f6a46a1c51c4c1df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dcf258617c99b8c0cac67a89f4aca730

SHA1
0cb3d113e517ec24fdcfd3177566574f1f0fe1b0

SHA256
fb7a2682a5a7176492e9f6e2c36a177a040da474480e10cde0e8dcf2a30aecc7

SHA512
942a30a7450db227c4e94dfe01771724137a88d92f6a9e4f493c0c1a61863478f178eee08ada2869900bcfc56c005d11096f69f5c11ec1e31f99846adbd7eed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fafafffa96419731723b5f3b843f513d

SHA1
2893ad0aef9dcef835df9acfbfb85e3fe1b9916b

SHA256
0a41d44e2048d5c922de38c408a27ddbb7078dfa5a8db58f780a4a98195e3172

SHA512
3bab641f49ec2db9afc7d658b0a0f1e3fc6a546063871f1eb119659b81a1cb76539bd04655bf833d7c297e4b402d6a4b90badbf4bd0c32ee0c267016962f7d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b70f367cbddc574b5c0b68edb9dea2ef

SHA1
8b94252db861f3e4948981c618e5bb57de4ab713

SHA256
ccbec0f7a7a836e3d529f0503cc801f22bfd7dd61f726bd9d692635975052bd3

SHA512
822b28e570282cd46bf4cfd895c5e5e28c8e87a1a403ac008718c1e7031aa701b063c2b1da7e157a2f3010450326e7105caf2094e60a2d3cad7bd70bf0b54b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cebd63c93b79cff2961a13600bd03727

SHA1
8c202fbc885476a5327168c2557dda20608b6550

SHA256
7a02a595f9e46c06a449c5e97a514438b974e0d3865fc0313d85b51f839fab13

SHA512
4caf6ec2ccbd29961ff39b8d9bdbb926a1bcb01ec35a03fab0a8d40744201de8c3a6b9093b182ac7a16cc1ef65bd8ca01e786f78117d565ce57b3c1140ce0c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d3b719ce321be7a9b299e1bdc3c4ead

SHA1
686fe4e618478d90534b2405c433e57d20f26346

SHA256
8dec235f81ffcec0200d9a8fcf1dd0464cd14a456ec6e8287ba71681d031a322

SHA512
4941c12b391373205d7f5b3984d166acfe30ed24f183a033ce2958087aea12bb229b86205d6e27ae1728bfa1678fc0ab499096e37f06bfdcdb209cf6e4e5716e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bc6ad04b037741254ef18016b4e43a7f

SHA1
9d5dab7000174b8b2b6e443b211bf432232384a3

SHA256
d1f3a6a5453439abb3e4ec67aa529b6e283d5ef66f004ec05090cec93d171cc0

SHA512
f073300ad147a46c66f6a3c1aa4ddf73102c694cb2f6203a9bac93b7e35e381cd2e92c6e941793df6bc3ca1a271831afbcb0f8abe91449a4b8ad5541f796f3fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
37515413a23f437521878b46c5b83c83

SHA1
00cda87535c41a13ec8537fd75fffcdd7b2aba32

SHA256
7daa4e71f66ed088dba2b7d2b6d888128b79c7ea2b0da4b1d5bfd90d9a0b92fa

SHA512
5223cfeaca1fe90ecb2ad62656c62bcf4ddccd4e6316d5d336d9c293637272ba2960ffa7d89167cb7fb631a40b8b9e42c587cbe1a230432cba142e5880003c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1813ead6d22a9cbd62317833949bfed4

SHA1
b9580dc20877c73f5fbc9248b6135e645b6c4a1f

SHA256
0c8a609b4143bcac11819bdfa7fff5c3d73efac3d7abc69fd1fc77c0adfef447

SHA512
cccbf075247c95e4aa9161083b45794650919b309963d8ef37577742111908f4d5702f08246665982f2f419224969781f4702628bd7108b911b61e2b08c26e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
261520936ae59111b282c8dcec176ab9

SHA1
b55e7e29a5481fb605c2dd09d8d3c4f125afceb3

SHA256
be2f8345e99a5196e1f5749ed6a38f0d1a6b6a5312dd9d766bdd208e24fd062b

SHA512
1f3270e3e5871162d95819d7582d801f5d4786bd99350ab1a8cb065d63d049dc2861410829f20a20d6f15cd59c4e854943f118f6e5af87fbb435bd7a6e8bde03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
268a9a2cd2e25c4ada0452feaaa8588e

SHA1
cf045f5396855507d0ed22c1d5e7862ca4bbfd19

SHA256
ddc3d51b98879eff12832b622ac13d78d2bae3a3eb8f1f237de51200c000a791

SHA512
a5220dcee071d0198b0b63402e9bf9d3b08d007700834b3304556cc7a47d68358ae6c0497425cc2f6aa737a21f075d07c21bb3c1350bc5e510f8333178c5a699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
28d4ed5279c526454f3ad47e9ef8a84c

SHA1
fa81a109752492573ba3975486dcf9e7ee041ee6

SHA256
a397ce7a1e7d7f6bfd0c1f082bab41266a5fc6689373a9fbf25123c72a7583a6

SHA512
1f7df2a9f05d41e72b93c1b388e9081313609acfacd409d0ac73cefe5ab9cfaadf697f2cc04ffaca6ac63d051a9716ee148f4c9b08315c2ae6a5e602b485245b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2f0c91db06d78f3a08c92c12c5809b57

SHA1
22a17afc0c22e7ca26222b668def88f9c5830f65

SHA256
63417e78a5f5c2e551d8f9e47ceaf58d99d4d56b5186f91383c4be465e30f702

SHA512
4635dc18efcd52e0358ee4c780b333d3ec17b04d88093d91bd401b860167442472d335aae18ffe41a01cdee0e953ea88f01f0d5cb72ce4109387a01c510caa16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
bc9c4cb3300b8af0d54e3852679863ef

SHA1
a1de2fbdd1ab9b0e0753e72eaaca1ca25bb3cdce

SHA256
7a990c82ca66598cc583724fef8f3470379db63b889a13f7e6a2de9a8579508b

SHA512
e82427379e7f5d2ed0aa1e5475c0cc779abecc00653822dca16d667fc385ede64bb52522fbcbbb9ba264782cd9371601cc3d9138f65b930424157d0208031614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
e362725253faa225e8bef5cac4b96701

SHA1
19edce89d5c224b7fa68744e917a8cfa52c56d91

SHA256
07b9dcf9213798ba7d27ffb80e3f60c45c283d8dcf8d530fc6d7ec92da3a3c92

SHA512
165c112a9ceea9e5095eac6f8eff7a49b826f33944fc99e0c3db08d47f1b00777416861962827a26745c2d76eacac317a7bb11b3a597ed90be60a04ba940d62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586193.TMP

Filesize
101KB

MD5
3a7e987d3126d74df669f851c6fa2265

SHA1
4db4a027f0e7d21c954aaeb7f22a14899a1e72df

SHA256
42acbcab6baf8110135435e3899642d2714e7ee93910c237ae971d436c9e5c19

SHA512
f5f8a611157873ad8899ad42bbed7f50a1fd69d79daf2dde12f14b5a00ad90dcb12e112add324ba5e2c823f755d3dc33a24bba5a034b9198672af00b2fcd16c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b94efa25-5bc3-4f37-8357-247ad5e60b73.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1932_SYOFKWYXIAEMULKD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit