hxxp://download[.]iolo[.]net/sm/profiles/11A12794-499E-4FA0-A281-A9A9AA8B2685/profiles[.]dat

Analysis

max time kernel
1800s
max time network
1691s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://download.iolo.net/sm/profiles/11A12794-499E-4FA0-A281-A9A9AA8B2685/profiles.dat

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451999550601802"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 4904	440	chrome.exe	35
PID 440 wrote to memory of 4904	440	chrome.exe	35
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3636	440	chrome.exe	89
PID 440 wrote to memory of 3632	440	chrome.exe	90
PID 440 wrote to memory of 3632	440	chrome.exe	90
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91
PID 440 wrote to memory of 532	440	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://download.iolo.net/sm/profiles/11A12794-499E-4FA0-A281-A9A9AA8B2685/profiles.dat
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93f5b9758,0x7ff93f5b9768,0x7ff93f5b9778
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5516 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5068 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6188 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6032 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5916 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5652 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3068 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5972 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6012 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3132 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6568 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6376 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6744 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5244 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5224 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3384 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6208 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 --field-trial-handle=1752,i,17298389349403425582,17206636647498731377,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
149e29486402a4538276d859724c71be

SHA1
d65eefde7b41bd897173d95dc03c6d5bf015155b

SHA256
80e6632fec46d8eccf94d7cd702bdc06b10553c6b09027ff51c8077291facbe8

SHA512
6c7a0aa51e4235b4ed22781991721c49543fab6f1fe8e35d7ddf43cc8df6b186272dcdb5c7da00afeb65a3bab50b18add16e1e034ecb7cef7b90c35a95a274c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7b146b9a70048679732ad8287008d5a6

SHA1
2db5324eaeab9e7fe11c4dab24c2842148825006

SHA256
e8bef8241bb9452729e83b6b1366793d445d0abc44746146ef5786065eb17e93

SHA512
b376768ca15b9e0ea989ce7d32abb4c5c88ac51f1dde30cf67f52df2a977da92117f95cd480137fd125b45ef5fc6a05a0f3033a81ce940a574892f3c7cc968dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e51181b5fb4ef441812b9f84948d0b9c

SHA1
f4cdbd1cfda1048875f9f2f753a559938f36c8da

SHA256
472144d09d44f80326001307c5177823ac603f64d7735798c0d68e834c36f0b9

SHA512
8d52fe79b8d9fd342204136f0caa0e3b52ebdb9c57ef2c6b91e92147724886f3c01c171ecf7d82172eaf5d4c26bb69447ee75a7fc1c59424ae68df7b69e2a98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
de759b3d8417bde6538491c00279b9d4

SHA1
c34463a076f248403f963273de9a40147ea9121a

SHA256
4ebb8b940b86a5a9aad77bca1c872d64bc2ecd725a45d21b80784acd01023d7a

SHA512
d537e0fc9a0633a6c768811646426ced1e9f1263e252202dc809659235dd2cbb0803ab65e1750167375255a79fa5d29cbdd2fa5f092b27609fc8be884ed5679e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d04bac61bf2cebe07cdd49e0f05f469c

SHA1
7729e342008b54a2bf3413ff277fc9de4dca0ff5

SHA256
eaaf2872448dd7a205bf448f9e7bd1abf2ccf2157f4dc5d33d967d1804074134

SHA512
e87da71d5c9221ef45f709b965b56604e32acac381da962334ac33281bc1e2e26f1e05084718bcf7dda41e69e3724c99740d53605584b5b032f6cb13cea1dc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
038af753948988445ec76c6be3c62194

SHA1
30cf620a9a8e4716e3392a37f3314f2bbca2f7db

SHA256
96ddd6a1bcc8e73aba771ff36e87e7e67e4fae4659702011e8700f24855c98d8

SHA512
f0f1fdcbf8f1ee6cf730795492fdc2b2a77632093eaff4366fac02a87fba84fc403527af921b56c4bb899ffffe380e97352c20f309fc5f3c8530e153be968b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dee96fc113dd5db63aa0cdca21cfa0dc

SHA1
87f4f79a210c054b74572aa07b85709892bd7165

SHA256
d95d0c61425a760cd0aa10fe85324478c8b0b2223d7ce34261d3d0c15490d9b1

SHA512
954cc3663e5e03c3b62b54893a75c492283244417ea9ca0a6a832943b18c00ed6bbde5f0a50ab7025f12d1131943af6b529bd80cd370a8a649bba2bd15ead531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
915ec5284a9b3d6d26b2f99e5ae46368

SHA1
54d16514f2316c25ef436b8c35646e0c568163bc

SHA256
85c3bdbbaad6e7dfd4c00ea4fd64d60d3c21a154d88e6e01523ab1ec45c168d7

SHA512
3abf6a7b030fc67469e2b5ac5f8939c484228237fc81028cf19086ee97a90cdd5b467a3ef06c7e184aa81acdd12d3ee56c8ea3d512ef7f89fbc595b0f5d42f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0e573fef06af55c7183d23f731479958

SHA1
19d8527030a43fc984b888d3fa94cc7e9ade4348

SHA256
39d6d7cc4d77fae5dadcda171caf50ed0c0d820bbe2721aa532dabbb045c0e3c

SHA512
c077caaea875510f49e43164f301049fa951d512d851cd936ed3e3ce39498a413e324cc207ecaf40339db66b8c91bbb5d7b7fa51840bbda2ffc1e1b46d0d3b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ee357aa6f998c19b73490afc78b5245b

SHA1
917912a2df02e61352323d611715c733ca949bdd

SHA256
11f00e8c5503dc2ffa2b901fd895eb1da8c1ef65aecb704b6e385833c947498d

SHA512
e2409279a1f8a21d99f38b29d018351062af0b8e6f6806f1c180991bf5917b5b6fdce20a7f289e899c32ccaed0c8d6e0268ea42b620208ea56d0726589631d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
111KB

MD5
c962d0f1aefff56f52c7bcb85bfe264a

SHA1
767b26778962b222d6b7bde831c51065cd25ab1d

SHA256
6e0331caed12651806da0b63ecd3165f8fb6582d751ea68277986c8a1bd9953d

SHA512
f96d3a031b03a2c5ac5d3cd35fd723b3d857c1a49eca89d2fb16b4d02cd5634b8263e67a84ec6d7ab2b17358b2b4133d9ba0382e3284ef141f5da86c1c4cc7c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5161eef6212b4c78e42161fa4c09d9f0

SHA1
c1afb8d43140d36cce3dbc282b3c1d30c10a55a8

SHA256
d9a07b194ae49274887176e4ffa972a3890b41bb68b9e03aa83adaab637ac88c

SHA512
710cd4c418f5ed23ed085cff71999a48f423001307a4d14a13f87b4941a90920f3b307df711d70bf58f6f9f3dd3e97650ae5ffa821411ee8c59922e9e8c73c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4f51aa65068dee2d9eaef7ecb19fe2c6

SHA1
e30ad0c01d32e2c296543931725290fbbe843ed9

SHA256
4e98b0ed5bb45bd6666163a78db7fc9ef4dca67abb3a16976bd10e965f1d9ca3

SHA512
3fb2eb7dcac832f9fd259d56a04d3d38ef8a22b7cb51736ed8c8f7c9beeff77c9016e535bcdf54b8fc8c3208c29b3b8afcc5e17f0cd8d29372d10bd89ec0ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580376.TMP

Filesize
48B

MD5
a5a61d809666ea77dc6b012003c7890c

SHA1
7a46f83110effbe46fd8a971261338ec29dc478d

SHA256
e30ac32f003ddaa875e8f7105e6cb1ebfe069373df98fc3cf08524c1e48d11f8

SHA512
f37f8067eb218c83cf4e074d5aac2aac923bf01fd23f1f2202d4edfae558399c0a0928f8e4f72b7737a40ad6fc99681b9dc81c397da4591edcbc8583a126786e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
122408be3f373e9917de35082713e65d

SHA1
10424cd3cf40e3ad7ee99b0ae39fdb9c61256756

SHA256
e5a9479638772538e5d89c00f97c32bc3c3091e991c431977a7323dd4542dd8c

SHA512
5493b180fb7e5e48800c28b202b702dba7c11b2d742a654d02ca139b1b7ffab96964ff719deeea05eec17d8b3ed608654d9b798b1629bcfbfb943ef6796df20b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
2f5043165dad641dbbda972419b3d2bd

SHA1
0780337991e891b346db95051d2728b5027af521

SHA256
b6e6e187fed28756dc092c308843612b7be7e18f2813a99aa2dd9450a258438b

SHA512
17c644126d8c8ff9afc7920bf2f52f401837c1ae947943317cffa3e36a7693402733b1a0388f6e553dac0948971909284a63ee0f9b29735d359d8b7333cefb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
18ace64605f55b7bbd9e1be468ebd37b

SHA1
a27e2a3fb72ca9d0e16e1ea20405f76a10fc1b3a

SHA256
4142cd16661be1c48a270e2499356e0e1accaaa985d05cdf26f7e1bd9161c9fc

SHA512
0752fe8afc3911ee06c021528ec602811aae020945d86e890b7af728568f7be3f0246c20ab9b519e7819652cb48a930de5effb07f56f4db6b1de80beef236a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
74bc5be3b631f82eefce7e279fa35986

SHA1
5f902a21892b484bca6623bd0c7abccd52ceef88

SHA256
539f8739a85a8fc2ad282a2c192ef266610805ca3d2174521bdd090e90f475c6

SHA512
19d461d6900fa7f5bb7f28cad458500119b11d5324a3d21e0efb9296be2fc26062c5448a5eb7d57c0e3b80892ee8d478957d8460c47f7f9e77d331fcf56db797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d61c.TMP

Filesize
103KB

MD5
a5cc0f1f022dfe01c6c364ea4ae32447

SHA1
b9a8476082bd001165303606451d506b362e2a36

SHA256
8407100c9a59e34726434716c2659d3bcf0aa4acd05bb81bf39456ded74f1538

SHA512
6c23c2dd2d29c868fa2d115bd6702e5fa32dbe74b8666dcfd2bd42b292c6f96d121f3791c949acfead3e25dea31efcb94111077c857fe215849c58887d4e9f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\profiles.dat.crdownload

Filesize
60KB

MD5
63d18119d7508bd2aa9cb8bdcbfac7a2

SHA1
e0b53bfb25652178ec9357a224778069365f3eb3

SHA256
d0bbd3af5140a526fa18591837aa1fc549b55067431fa98efdcdd053c8b93bd9

SHA512
8892dc1be1b2201935c9b1c1cb8b30a768c3454a14c68bc88dee845d846428046ac86e92f7b71e12b639cae2c0210f724289d3ed0b19cdb46258475030cf1911

Download Submit