hxxps://www[.]upload[.]ee/files/15748433/BRULADOR_PARA_PC__CR_CK7_[.]rar[.]html

Analysis

max time kernel
51s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/files/15748433/BRULADOR_PARA_PC__CR_CK7_.rar.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133478941361202957"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
528	chrome.exe
528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe
Token: SeShutdownPrivilege	528	chrome.exe
Token: SeCreatePagefilePrivilege	528	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe
528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 4244	528	chrome.exe	47
PID 528 wrote to memory of 4244	528	chrome.exe	47
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 4604	528	chrome.exe	91
PID 528 wrote to memory of 1276	528	chrome.exe	92
PID 528 wrote to memory of 1276	528	chrome.exe	92
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93
PID 528 wrote to memory of 3236	528	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.upload.ee/files/15748433/BRULADOR_PARA_PC__CR_CK7_.rar.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91a899758,0x7ff91a899768,0x7ff91a899778
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:2
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4696 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5056 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4840 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5540 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5396 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5132 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5064 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6148 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3928 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5032 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5136 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5312 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5356 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4972 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6396 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6028 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3892 --field-trial-handle=1864,i,1421404136158254777,17344106278863549466,131072 /prefetch:1
  2⤵
  PID:4644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3144

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x4f8
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
654496e45f92ad2270c32defd1e7ea58

SHA1
cc360bc19bce8df3024ac280e58ab0b7284b90aa

SHA256
d54f329324af1beab56782837336bec4e6a9fdc63f76d892c48f421f6f1e7080

SHA512
a43af592621d3e3d9bb8f88ef0d237320c30aac605f222939069acb67e72faf4b5b48824dd29f60806bb6404a7090dcc5c217d4c6f8040087ab988fa526db33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf8ea5dc2edc8b4699d0d611a9cab6d5

SHA1
a592e63d8160706a1cf61f54e873e5a56bbe210c

SHA256
4ea557a6dae8aa593371e33ac0bead3b97033f32a457e79e37af439934bc522c

SHA512
0edf234dbbf7f557f9f6d41a687f468241cb66c9696e173889513d9747aa16f51f661a261a54dce9cae0b49cb7aa8f47ca91dec3476246f9c73579fdce81e9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b089a4f20c3b5685569f373b22b2c566

SHA1
0036bdf13ca92e2ff29edd31c176027fabf55936

SHA256
c6940e53942c5471ed8b0e54b2a0dea0446fce63671f0ce429de9da4b8095ecd

SHA512
c39c9ded6115aa8117d01d8bf62f6ee68e3c1ccbd978293b41c913712bf1b7178abd1a5bb0227b3bbd323b692326b0095a14d078b162a349ae72ae9cd505fb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd3be69390f67d15536ffcc43c577730

SHA1
ef88dc202ea62c91ce6efff5e7ccff6977d27f99

SHA256
8ff0c4787ab9dfb456f4ba342542ea3684e71abaad73efe3b4de4629c7c18e3d

SHA512
d1aaae61ff6bfc68a743beef31bfe396b837229cf9ec9b0367cf4fd2fa286b07acd3e4551ce8585ec723cddd089c62df15e1e82beddbd6d89bc5793857fdb297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0ac4779fe374e33cb1c48273e9f9291c

SHA1
21e284a8d557655a17942232488290d14dcaa383

SHA256
966dd288b60371595f8451bd51add674e642838f9c101542d12a873706176010

SHA512
016140eb8803dd6cfbaa700aacfef6503eda8a875a170b61ae9dec7d5b836e4b68686e63e2f3cb14df695d6f4760e8ba8a1c480051b34a158e9d6ca4e01ed797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59f907f7a558811f8a7b48fa8d5fb551

SHA1
a1e9df90e7ffa1a5350ccc630383bfdeb3e92942

SHA256
5f6d8eec14bb23a0abdd66c9884b503c4775021dd9a6786b5e0c06766f1ff866

SHA512
bb59dc7dd653129d27a3b4bb4535629a2a960e6f2b556e255c6a2f9347ecc0cd58287633e4cd0fe1aa22cade1e38e62f63ad5a4fe25075857d934b514406334f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
62115fff0eaf2ea36b3510fb61624911

SHA1
ec66d97b2d46202033a415e37a62daa8afc2b467

SHA256
c9cf9360dff6fea1411ae981ec57b7c0054ee13ce7d85b85f5de77dbd2980e41

SHA512
86603dc27b5f3edcbb58c89b990f9c4db4457a15af1ce42b005d9b21d23e3e66ce1eebd47bf28dea648285ecca06843aedc7e39a00c1dc14353e5e18022ebed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1d132c1ec33836568879ed13d5315591

SHA1
f1f007178fc876133fa60d8b82a07aa4d01025ec

SHA256
8c8e9bc31af38e85e2c8a5c0f789e946446bcaf24fe14b1869e3fda548b9879d

SHA512
aff9dd4506a29ac8db4d80def5afe5e363a0817248c2e9cd786a242b5b6ea0b448068b14c25866cd6a8597165f3a683e40aa8e2da5ef7e0df2daef5c4128f778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b0cabbb4-07b7-4978-a1bf-e720018c5f88.tmp

Filesize
114KB

MD5
21c4742e706561997816f074b9baed10

SHA1
d2e20abecd7ea31c01b84232a0a17f1f3a4093b2

SHA256
8d298e58694716f21f729adeeb8a85e6d3006038cfb992922ce8571810b135d0

SHA512
e12d9fec7c418c4c48ae15790e2180efa382bdbb2fdd9f7c61ab3f66ba9aaa837de4670237287ada47c02bff2837e51634c8cd91cdb2c919897338577977b22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit