9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0

max time kernel
1050s
max time network
1054s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/10/2023, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-10-25 08.11.54.png
Size

13KB
MD5

51e504750e157c50fd5f07ae7643639a
SHA1

aac2c4a1fd69fef7bff8c7447a6d13fa8a9a7452
SHA256

9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0
SHA512

b84134b916a1b91ced634997dbb810f77baa398e0e2c485db5a245e13609398d2c2e88dc6dec8080a769739125030aad33ca526480c67f46791537132020579b
SSDEEP

384:MjreO3cNJHZf1wup3chMjNuMQBmiL4htpBKdBZ:83Kbfmup3A+tpC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133428042479364794"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 2188	1068	chrome.exe	92
PID 1068 wrote to memory of 2188	1068	chrome.exe	92
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 3884	1068	chrome.exe	94
PID 1068 wrote to memory of 4188	1068	chrome.exe	95
PID 1068 wrote to memory of 4188	1068	chrome.exe	95
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96
PID 1068 wrote to memory of 4936	1068	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-10-25 08.11.54.png"
1⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff98bd59758,0x7ff98bd59768,0x7ff98bd59778
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4756 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3420 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4400 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4416 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4752 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3464 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4532 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3396 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1692 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5024 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3892 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1156 --field-trial-handle=1896,i,1422570805209360036,10325563047556705931,131072 /prefetch:1
  2⤵
  PID:1136

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71e54d73cfdecb86fff5b8d8af5b5448

SHA1
81fe681dcfc0f3169ca01108e0bd1be9650b5297

SHA256
1602efabd4cda6269c85c7564392aef4291b03c43640524e180f7ca0ffaef589

SHA512
3ab23e824aecd41f7cd0ae3c465bc17f7a287f50a7d09653027d12412e0b54ae6dd79e7e8301cbad6746b7ffd00edc3f56691cb5b7f8ab087b0e1eca96ff206d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9776e06635bf28ad7387842b4f800693

SHA1
109fde2e491cf32c4afa6ff61082f4f7f102bffd

SHA256
4da92c9ca025bdc2c406624b42b0fa09cdeac3112aab5f66096bb70860fb9e88

SHA512
93ad92b01a9e0b5ed784e8c4983b1436bfc03071ddd3f768b4410867e163537a88cf396a2615842ac6c3caed7f518082fb20a6a2aa3233ca1cd1fb689bcfef69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0726a74097474f2600eee21d39fb6dfa

SHA1
45439069952cc4d23e0903f84fdc5a08d2ea0e0c

SHA256
e0d27cbeb6574a83b39a75757b17528449a0e8d947f68f66f32587670a257f0f

SHA512
73d8277f4d8b1ca39bef6993ee8261b122f361d6cb589d9da35029b4e8c2388ebf84831d4a721c63dd3f5d1bf11100f6bd162c16513591dc80d5eecf41967010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c32545d5c95ba1579037067d12fba767

SHA1
139ee24bf382063b39dbf389fc35a3f79d917015

SHA256
424b4dc97771253d5e8da430680f296bdce1862437bd35797bec1b8c63030865

SHA512
c76e802ffe95eb7707e1d4825c142118014184b750a64511675c452c1b6d8a723256a7c91931f2f4958b26bd81ffb63d77288ba03fd72ba272102edf04f2aa86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
129be125a83faf762cef89cf913fd008

SHA1
dda0dda8c6fa2c41d37171d3eefec6ed693a4e0d

SHA256
a08a6877e0037d04cf20f5bf7f49b78ad53e6863d392e99e49a5a0d8a1f2d0e7

SHA512
5f0d2930430febd2e745ab9414cef899fedd2e7fdeafa13f27af367f0bd75dfdc4a858e0142fdbdf2d9bca5c24efd0ca853cbc580b1daa17fc83373367b20eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
85ea245181cf3d21660cc3742ef7ae9f

SHA1
f7c32e6fb147b5b6e7bd5b8e5bb3fbbab840b31c

SHA256
5b52e26d604b846bfd9cea0955d25a3f38615f915ec2594b2787b88cc188e464

SHA512
114d5e5ec17a73f69196a12b6cc20f42ee78a2427957fff386c5db89eb1df8e0180d2e6323097a03613f206c2fe83b0bbde34211c75d404adb4024b113853a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
afaac1bf118362ac2f0b0aca28becd83

SHA1
7a6a02710cf944795e37cd57caac4a3d616a74b7

SHA256
60fee40563956deb4f853fc31290b5b51814bdd0b1ac048d390d2cb487b5ce25

SHA512
6a6d9a7c67aa1e1c36f200a93ec1a87b9f1097024e8ae3bc992333e789a853efe5a51aa09024138a6cf369baf68004904c7eab3bd8a36411248cd69f2f79caad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit