hxxps://www[.]up-4ever[.]org/r0jj5uktbhow

Analysis

max time kernel
289s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.up-4ever.org/r0jj5uktbhow

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451570688748195"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
3356	chrome.exe
3356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 2032	4244	chrome.exe	83
PID 4244 wrote to memory of 2032	4244	chrome.exe	83
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 3452	4244	chrome.exe	87
PID 4244 wrote to memory of 1544	4244	chrome.exe	86
PID 4244 wrote to memory of 1544	4244	chrome.exe	86
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88
PID 4244 wrote to memory of 2224	4244	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.up-4ever.org/r0jj5uktbhow
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89b749758,0x7ff89b749768,0x7ff89b749778
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3964 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3384 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5852 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=6124 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6132 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4776 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4688 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5220 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7108 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3372 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6128 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5356 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3180 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2976 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1912,i,13809519165903178458,11003313942807535665,131072 /prefetch:8
  2⤵
  PID:1384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x150
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
28KB

MD5
4c706ebef49a17d0ef8154e7e4c33260

SHA1
53765a707454d9f53b3eb1533c75f9e095c118b2

SHA256
4a66830556b5b834b8d9a20aaf256ac1c48a055c3d3b67dd9d58789cecc247e1

SHA512
bfcda9ee1ad6f45ab5ee50460a6fb933bfdcdda3f4a2145874dfd042a9627ab494cb26b45d782a28e4d6f3112238d9d7f1c7e3dca1efb5474fefdab92f117d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
32KB

MD5
bf7b39a665f97ce9e841f9291f6fe20c

SHA1
fe04382d4b23867dfd1e3ef6c13f5d3490c64f3a

SHA256
e1e44bf0a20811a8936a3f7ae9abfc1b55d438260215d009fc08633e481d3817

SHA512
64fb71f0b2886d583b0c9bc050e79666e0c92a75cdb62eb5f73edc5ba88c4bcaa31fb427233b80f3acfd53a68d925b7169ba30d5d35f56a9a8873430a86d3937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
296KB

MD5
1717dc57c82e659361e842fab8fc5fdd

SHA1
5d51e99ec3d3dc8925f2272fc7c114ef22795c8d

SHA256
dae80c2474b1e43e3420035e6cf0f5795ab2561a94f20a33d87976b11778df4e

SHA512
7e7229b6bd4c0e4326068beac49cc730560e2893fb1b989a3ab1cd9d36ad6f1df7429e4cfa18383559de1a00cbcd9825666ebbfade8658ef64c4162b1a8d87e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
deeb0de0029c864bacd8d8090d6e0530

SHA1
f68d5555999c8cd47546724ed556523b74b44d4a

SHA256
daf9aabca51190f69cb8db378250e9e7b9c5b3cb33913338cd6a65267b57298e

SHA512
5b2f63d220de7c335729f0b3a953275f8e280a26b953da4760258ec8b65b00a25c4676aac7d521c3347551eadf32a874197264f1b56c35674de74a7d8795274f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
510ac520dd53fdbf6fa699da9e03c602

SHA1
d67ebe516d0def3407e1f791313974ee647fc941

SHA256
a4f0afa2be577981a2735befa22876d77989b376a7a3f5ef404b29382de9e670

SHA512
4540716fb7a2c52dce3638801c714b4207b7b9b032b553b37a09bae8562f0fadd3bd10ecb7a85f467c1eec47eededf3130932fddaf7046f646be87cd5dcaa8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2bf3220b14173c6dc32c76ed22680e77

SHA1
169d20d94315fe2175f5a6506a132f7e3f8ae8e4

SHA256
e38ee6e64aba02d78f694a51d662a16a5e7e2299f0ea7083abe47df0d72d8e19

SHA512
a5eda350dfb3cbb070fc0fcddd2f374544c3ae39aabc7802deaf00841d9eafa56555586993dcee1e98c9a50a8fae7aac73fb49abea84c8db47a68814d306ab05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
09f723e77db7898e2ab05bf26f541ce2

SHA1
5dccbcfc01117edd7d05a742e3e461f96a0823af

SHA256
2e12042b4685db8a7e8a57754c0a165471bdb6d88688b5f268a33d001b614f75

SHA512
7309a85c8a6b2d36f7c296f3d67cdebe0997a950dbb6a39d6021a89cb4256c1535c06c11e92b36d2e43e61ef107206e8d0180164850209cb8dcf52b1e3ee60df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efb5b9ad90a5a339ad0939e816a7ea6e

SHA1
a635c69f2fa569301b4282704beec4d973391361

SHA256
14cf29955f22db3409e83827e7b957d529ecbd07d4f16a50770590b4274b45db

SHA512
5f68319e90576f667316bdcb715ece1aaec7205c00ce7aa1b5aa08337ca710943c456252a95bef0ab717dc0efe9c4c04f6419a845e2e8d5251cabbbe03d73dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8d541151a31646ca5963592446c538c3

SHA1
6f05ce3f8a7b24413ff5979b2b3b658dcd5ea71f

SHA256
251ff190d678764fa3a9bed9b05401df957eeb30c35416a23f2ac2fe4b08f7a5

SHA512
a4af55a99689c1146e832fe917536d89f0e6e9f98a9b35eaba6cc707e84b507d44935736a8390ff20a608693d745c8728bc0721edd6b87c8e0cc452486d91f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2047d3a475fd1134521d6b98b3105d69

SHA1
78e5cfa900b9848637ad6923a0de887ee4ba6e8c

SHA256
7374bd6c815d45c97eafcb068a4cfd0fb7a75a180827d64c27e9a92db3f8f71a

SHA512
044993fe1a63a46acdaf7f61354f3147399648360233cfa3f35d955f45884e4b484155a2adbbbf62bb5c4fee2d895a23afa48cb529c93edcea30112305dbabac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f7472bc0d4324e2675bc3541f7df5dfe

SHA1
1b45d1570a9fbe3c94d2bb2d8acaf7e0c414857e

SHA256
d2cd569c915fd540ac932b40a72bbbf525eefe90f9e74d8f93572fa438b81400

SHA512
a2a034a45ddb2cb1c2415719f4fdbdcc0a72e9128d470791d090ea404c73e646645b4c84d77fdb9c2aed4c180afa92e95af40139ee3947e632088a270c0fd082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ad731c6cbb599b9d1cac71b62557398e

SHA1
f1517dd696dbe7ed692299fc5951d9d1730545ef

SHA256
942873fe538186e663f1c64935a6dc872cebee688afcfad9c2d3249c1e0b6aea

SHA512
cdf464f1174aebbc5a55ca4760d86f7d0ff9403d8769a8e585f760d93814bda90f7a0994bf8f7a693af16fa65d9177fcb5ba4c3a2d1379a8f78c883062c86e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b6ec3dd2546cf9e79ea8146acac2caf9

SHA1
2dc31511c1e1aadfd2cede462a43c95223bd42b4

SHA256
f7c5e91f5455a6c0847a6e6cdc423c7eb43ca1125ef9b67da5ce809864a14ff8

SHA512
d44c5e5cea2b935a858bf89b110fdf50f690814ded5d9457df29c99584d422d730d94ed5a396c1acadc0a567f22f11a0e592079d7fa0a126227cdee8aad948be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e1088abc04215f9d389c9f799648062d

SHA1
e6ca6e0aa6fe695c5eef93e80a9c29b0e60e9283

SHA256
e27d51d9cca8ac5bf92a261b89413b5bcbe39a137f0cfd37b61521b255bd2054

SHA512
0655917ef07e686d90bb2140d5fde5dc34ff0d57cb99b9d193b4563e72f458e06489506b48eee134483847d82fd179c619a2793295858adcef0429675f296bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ffc5cdc875fc7fc69742bb7dec89b97

SHA1
f212fb1c8495e3598a79a397fb9f9be5643f89eb

SHA256
63bf38485e5ca9add5c1b89ee89695a7359911f744e7ddf29b8046bf677854b5

SHA512
7d31b5c04e56d1c2de6b51c3cc578377b5001012d9e3b8b12691a6fe021ead3c022027181d060d604d63fa38f635d71f099f6e9e2e4ffd1ae4d8e4499708386d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75e7e2b28b92d783e41f09da97913956

SHA1
2603c4b6b5e3a648845369646c19124a23183586

SHA256
9ab6ad5202ad96b3daed55fb5d263d6833f65c4e4d4eb0ea13ca98c0852b7278

SHA512
8e93ed2e5d037af751484092e5b3795a6596a669e37c39af267d6463dbf43ffedd14f0f090410946a48dc05004172b9864d570ea41d35c5cc5540c0fb9246dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
60fd67dde9a74a238b864e3e9a0f925b

SHA1
b37bae6060f22574cec841d7dbbdc5bf5ebed547

SHA256
be1ac33e72ab5bfa224ee6c20548d8c6329138df6f24a048e7106be1108acaaf

SHA512
4b631fab52f31b9dbb6b503a535d688d3dde6afc59fe6ea598b8590dfbd8cae729852c62d3cb0496cad541cc85bba9c82eaae37729f165804c18981745e84838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e644ad9cc2d84fe206bb2bda1781dd4e

SHA1
b85365789f8590ed5b6cbc0b1a80528c5d08aa07

SHA256
e569b105662a9deeccf9d3fc3fba99d23c302e616761279ada077b18fe7cae59

SHA512
87e4518a807506cddadef8a1391f097f257255a4e60cde1138d552bd186284b639552f28101591617bfb1878e23b3242d6c59a80329455dddfc06b1b1d3cecc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8aa89e74c375b6a8a5b2666c5eca58fd

SHA1
cc4743ba1994360dd739f519a17fec26bd6272a2

SHA256
6ad141a2c5a9e757fb8d631d0e80fc5422618c6a9be4cbc45b0e06ae337af566

SHA512
97709aa98d5a86c04de855d5db93a71e860a0e482c6bb3f1d79ffbe15d5f2d65fc59bf57cb503325754963553f9670f1a94c8c1b87115906921af3c47c487ac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1e55c24cf5822a0bbc16b6c1bf811619

SHA1
3f7436ceca0233e789b02d79f66b31cc611f5ef9

SHA256
dcfa00727d7d6bd07ac4c272d4d528ac884f80062efc040937ba46c0c7cef924

SHA512
b99e332ff2a0c2d82cb875b3e037e552340b6fce8cb9da9001354903b4f339759d64a15489341a731f06a59e405b1f28cd0599ff7bd63e6bc0d325ac06f7d780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7076e15e0f90b229acdf670e11c3e490

SHA1
813b7eb8c24e4ec3b2c49e848ad100f3478e15d6

SHA256
969fbf4d944c311a5e9ce83caae0dfc05a957dc77a08a74347a87990077b90e3

SHA512
d08e5bbd21849be38e716a1604bda23da54263b0e7e9d9c4849df8dbf2093de316da31c97d2829f933b0afd609f8a8b2c4ba9a4d24f7748806c8be41f9119205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ff88899f8f0d51eae087d11d10b418f6

SHA1
c06f884d5ea80334983beccd8d440d55aba9139d

SHA256
cf00defd94d4c06f8641330e59b33ff15863e5145d6fbd341f64bfb875c5e0b6

SHA512
8fe4aec3e0a79b6468527e29953d3d031039186b434a5effcbdafa7cdd8980a459a3e7e9542c3af84d6513ff98f072b1b0bce67104fc24f995aac37a229511ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
db4dd7419385cc95776b7a4913fb56e6

SHA1
87c08e5a49dfbcdb60abda6c29a3bbae6e6fdc90

SHA256
18ca0dd2dfd1997cbfda25f094e15e8493bfbe43872bbbcf20e3f82f12797768

SHA512
2094923a9049b66915dea613d6459477a9a779a74c50111472c973365eee12ae52d397ac15c2d295bc120cfa8d48861a14dd62447fe9c73e9ffd99d1e45bc8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
11e129ffe7beddb1d8fef2fe73644d66

SHA1
4b844adbb0b4315ce0387c1ce3d39c8c061fdf31

SHA256
86f9aad5441d825423f6d4358019dbab2caf4e292d1e98f047a2daec6472553e

SHA512
85fb3063d15e849c690ccff2690b82d982dcca70040149b61312a865fb68e3134a34be78a012b799722de981710ca9d08b3da8bf11e1cae96e42b1a57a614a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7da8ae2b79739c80ba968ff458c5262b

SHA1
8b6a93d3a58d211802073804cd91191fb3786d4f

SHA256
e089e06b2e59e227b9e845be85e719fc72b10d6142ab4f8508e2cab38997d88e

SHA512
228563c47c03b74facaf53eeff7fced546d7147f982d27ae307039e808c99a4f2bf1097c2df0a199cae6b152367647c4393946af2baefdb5d7d9417fe6aae679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3cc26d54e155ad8f6ab04669d22be0d6

SHA1
f6ccfee2f63554f4e0c5cbab5f289418051c8c3b

SHA256
f480a6e8f7894b8616fd2225b4b295ce8b22fb2a6a7e7881d3766e89cb6ecf62

SHA512
05052935fd21e1e7531fb2e4355caed77a22813cc7059b305aa4038b035cb36f01a6008453dade51139f29b051ea24cb62032fda28b5bb079f79d9ec6de73a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2bd429a78482e8308e2cb0f4fda5c5b8

SHA1
981e6a1d80ec362c8c2eef6a4274c0e164f51e6b

SHA256
345b9dd33b597cc54170caa72705db72b330673e6c2a0161c6d34a58e0f001da

SHA512
67e271b99e3cf8d337545e6707bdeaf52181c75d42e6d91c5f727845016fc46ee9158a01f805135e7ef262c6c5388d652d9c99e4d02d3006fea4f68d505b6a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
03302d0657d64675ab6ad2496eda21e1

SHA1
63dd9fec6b02f770953e601760f54ac4735e3dec

SHA256
ab7fcb6e48c3954772d14095247e78229bbf3dce39408aca62f8df700e89eb96

SHA512
32601a448a35c67e21c005dbc58666d4653525e53dd1751f11b25a1820f093d52d25ee12a24bc2cfa4cc1090f7303df94b095178a76fb8a96fa499aeb8c073ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
c4ab5f4e10a9a033f7fbdbede280b35e

SHA1
31a474dedf4436149fb52af3ac988f23b44eb145

SHA256
2e51abd361cfdc71c99b5b20a42801a8e8a083694546f1c2ac25f04f90412721

SHA512
25bf8e51b21e9d54ce077ba526b47b0411d4edbfa0665332344ae01af74b160b675c2399486e9ae9b0b0feb65d5df07627e9ffcf088133b5a69723ad24f319c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
2bfa232d179ac07a4dad387bce0cb242

SHA1
dd81fe98f12a0497eb3716caccaefe44a9e3bf4a

SHA256
1374063571848c8386992387342791ef6bc79df35d6af67a97a0f978992fb3f6

SHA512
c6ed9c605e38bc51831d2cb0dab9583ce591f7013e6f3d84eab71332dc5b1dac9bb0a37013a04a9f9dd52561cf8c80c0d825878a0981c21f546cc56b1a0d35e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
f057f6af2e453e42dadfea74017be4ac

SHA1
d13a0db0ee7df382e349ee61a90f3aa00b503bcf

SHA256
a243d27d0440e5fa89223321471cb8f2425ae95b8e8563fe1ca522de5ec8521e

SHA512
6787f49cad3e4bff872824ce2f2939ebb13280703924f8bd4f553871d7733c4e5127ac19cb23ab81cb9d0dea2e35fc6a43221ca2b5787103b4ab9f6a8f1218e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
13ad9c549aa312d48ae378afdd116f12

SHA1
9bf5f0d5b2b112b7629256061210c670fad4c2c0

SHA256
7f81951ac26c127ebdde2d03bd8b9a9d5b012e47e18a345a22206a316b3bff5e

SHA512
3781693c0014c04ac63234f4f6816165c573100d4a4db169ed82de2fe3b2f8bfadc16e2c03c2acd8a5b90cc9daee9748d12cc91399cff5a72299fe1ace80aaca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe599764.TMP

Filesize
104KB

MD5
3426eb15fc3f4a60ef5c0eb4eb3bb92b

SHA1
cbd8dd3305fc852cd319c88810b04ff550a3f60e

SHA256
4020b33c0d4fc60ba88949784a43366b323775aeac5cf1e11b0f405841c3a6ee

SHA512
71621681df68dbac59a04a8d27eb439806c39bc42dfe711ac3f0be07a52910453807fe5c513051036cff609186569e66dd9167656df58380ceefd899f28c95cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f66dfe48-ec23-4fc5-956b-1ff375cdf53c.tmp

Filesize
109KB

MD5
bc4af36c68d2d6b690134fbb0c09e0b0

SHA1
594d76d6656151b6c49271dcbaac65c14e48152e

SHA256
cbbc6612008ef566e7e53db57898a17bf1d39f609735f43848128b280b7cd86b

SHA512
5975dbbf322d98ea06d68f5134a93b6b2bbcc383e8659bc6568c3fef54dc3cb326e89c3c45f8e42ce4034983949868b9dec25a0bd9a5356716da667bef2e3018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit