hxxps://shorturl[.]at/sE569

Analysis

max time kernel
599s
max time network
600s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.at/sE569

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543841993876339"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1932	chrome.exe
1932	chrome.exe
1904	chrome.exe
1904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe
Token: SeShutdownPrivilege	1932	chrome.exe
Token: SeCreatePagefilePrivilege	1932	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2572	1932	chrome.exe	89
PID 1932 wrote to memory of 2572	1932	chrome.exe	89
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 4888	1932	chrome.exe	91
PID 1932 wrote to memory of 788	1932	chrome.exe	92
PID 1932 wrote to memory of 788	1932	chrome.exe	92
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93
PID 1932 wrote to memory of 2596	1932	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shorturl.at/sE569
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865049758,0x7ff865049768,0x7ff865049778
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5284 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5340 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5552 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4624 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5920 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5116 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4996 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3908 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6228 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7000 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6256 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7300 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7644 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 --field-trial-handle=1884,i,5256855843382466731,11777786700484586152,131072 /prefetch:8
  2⤵
  PID:5324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\73ad0e98-b0f0-4d0e-a498-11b940d9c6a2.tmp

Filesize
6KB

MD5
9b4aef2bb07b5f478cfda7f341eaeb09

SHA1
0d2e25aeb36ecfd5d2bfa5ad181b6c41cc390352

SHA256
d64b419094c117f581311e3c716cec66edf0b779414de5e7fa25095eb7fdd817

SHA512
89a6384a8481f05be9920baf87f594996f89d0e3dcac4ec3523d320b1cb11dbf58ea623b41e8cb4a77591eac32788b9f468b8b3f9253c6988e2f36ed83692b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
23KB

MD5
7a760f00c9673d22da3509fa5da59d63

SHA1
018c7b3709a2fc8a22e153b0fed9c346901e5fe2

SHA256
f60d0ba8f8212823495e2c9b57194613b2d632bdc7b179e11757a91e93621f8e

SHA512
61fd44afd9effdcd32114e76a1b96edebb9e06a42a78cc4c5c60507766670e56920392b301e1ae05aac72f0eea6c3e7b1f647bdeafb86ecdfdc8f00c1b68bf59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
81cd75c7e478a7da16634b1f20df3636

SHA1
c49e246484d2af19e360516c116386d09ea1229d

SHA256
422ab68b63b84922deda25dc91ab08710f6708a86d1c9519df1d18d8ddf3fdd5

SHA512
2d3331f6e93b38a74e9c7f232fd7c8957dbab16adcc3ebddddbb937b2f8d44087d106fbd234d92f2fa6e596b0c185916bf7ac8b5ffa45449f6535b53e53d4ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a93a61a31dc69034e442cd15c8270db7

SHA1
21cb32785ecb7a0379762a5f471ec3fe0484e50d

SHA256
97fdc634f8b8f1690987879484f47bf1891c7130ae39987d220d28fc178e7266

SHA512
6bb92efa0e548fd6b601e2210a3792befcf867567cf9ef389a8f83ca14084910bb656b8c844e586f734a710e0b897bb7893cefc65688d202a7686866e90ce643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9f9feaa0-8e23-40f0-8a98-6cd0d0386a8a.tmp

Filesize
14KB

MD5
44f32f295475539c858adb6da8ba90fd

SHA1
1d06eba6820565ca068464cad76e1e874b4b2d4f

SHA256
1bb1312985e0e740d6a8608b74ad531ae45337df4ab336422f169f076dc72094

SHA512
0db6232473a577c102ccf40d61817f94b9923c02883c961e7cb9500fe5d4fa1864c0164fd8bc095f59e0538affb3c90a75e666738a00555fa54ee5261011e8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
d2b16c2e0c2f9c0d7e149510e17404b7

SHA1
0f365aa251c07748165cc9c5036849707633b62e

SHA256
5d7a4fe5be08896edc5813d14267563fa5fdfb535e85b996c10adeb55a328e29

SHA512
2ac70271fef5bb5c2659470533c7a70832051b0b3054574e501b3757adbbe9a383d1c1e6dbb23d317c0c700a6db2b5d42c38abb3681aa179860a6a453b8437e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
fa27da9e0bca584a2b88a06fed43d9a3

SHA1
e17f6dd54aa8040c44c8dde18b3e8173e0f3031e

SHA256
f12a09e366b00b3207f7965bc9e29574de21ecdde4802d9c7046f1d1a815da7c

SHA512
fc0decc1190a05c40c617cc2c2f501ef756ea12f1135d776df3b8897ce031299ce235b2565ff15842bfe6edbbe92a6b120a680422561cc1e4a12e9f28d55d801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
a639e1d2865a59ff91c1854241559e8a

SHA1
9c32279bc5da9813b5a85b0138c75b1609c44b5a

SHA256
4126068a0b68cdb7016384aad771f25861e12a31e92d0d4e3725527b55809ced

SHA512
0a61067eaac06f23f1def4df6991c97af9eaecbd036fe68e39b82f7a6642ce96bb9509b8c30a66f8902f6793e26654646869f270e762aeea77edcdc0e5793e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d91492748fe1c95ad79339a464cea35

SHA1
3d98d745583153d95faa8232527fa38ed4ce79ae

SHA256
5332ed189afd6bbcd2e3f7b295780c701a61387ec1f8e40f0d18e424c9baee87

SHA512
3cceab0d0cf4f848d90c09f05763e66239c03bff28e095c321ab876cf83923f87d3bedafafef159e4729faacc252e2baafe11f2e3a778b3196e00f3ccb6a52ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1fa056ac2d531d3551885e466a4367ba

SHA1
cbc0c865dcb5826c6c7f3ea607607962dd405ae8

SHA256
213af2b6e1a45c59b5b303d03ba711f60bcfb98edbd4a61ac5ca506f50dfe55f

SHA512
28fe8027aac46e587fb2a21fd2a0b1e6a97c4886a97a7c019eff271353cfabfd642d735d4e16cb7132ce5059af944bb790cc2b0110d8a571f7d5d86e96f4abef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8b114c2fb7820d7a076debac92fa8b62

SHA1
0693774b6754cb06db9d536fccd14c3ff355ea3f

SHA256
05436ac8e5b9c6613965c90eb60ee85f51b7ef04c5068c25a33e9f06baab50f0

SHA512
1c06d7e516f89f099d56da9872525c3083c3b89a35229996310fde76829c805487fb75127b9e1ad2e2caa0765be8bee8de49dee35fd90b2ec1ecc753f92d4b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
93c2bb32a5edc53244555bda527958e7

SHA1
0c88c95e9ac97d5fa6cf5ff05fee5c09e0d56bde

SHA256
f3d022a795aaa81a4435b7d31bdebc09924fd0b5f9f1e4b9122c3254cd90939e

SHA512
053abe2f6617786498c4436a85fb4d20bd9bcbcb1c152d69f48fe1f42f4e29b15cd0c4c62e56a37df2f64a0e82d0e1bb7643d5236eb70d78b3187a4dcbd26c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e2e47e37d50d252a85a5ba478c745489

SHA1
7a52554e0b597c3cccf98f22ebad2b113d80fabd

SHA256
f67dd26db525130ba0b0f2f1b53cba2967755257447afdf993852975b9cd13ca

SHA512
dd7a9a0b93172bcfd1925cf5be2713a19cb83432fdba1131a95e410c7c6023ee21317aa72411260654e61ee654cf1097af3f9ac53f6a79ae62848cd5bbe9e4a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
77fd29cea5d2286130f8c7a82b61c94c

SHA1
2b8aa356a0569198d28eb2d3d04c22ad5880486b

SHA256
519d99772d88d676863fddfd9e88895afb11156da28c5a52544dfbd2d46f3cb4

SHA512
712b2f9c0d36f56d96b47e9ea06bbef83d554ff2974bd433fef21a9e1f2645ae3d5ec4f75a44e21ab1803d4e4789488845849512235088431d4f5d59c3e6b300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
a18871613c731e977af465b9ef359ad6

SHA1
19a9db4866f78208404c62bd80392799e38439a8

SHA256
b954f80573e16a3db1f5bbedd22ead967332006aeecabcc5aeb566963eb8e9ed

SHA512
94eb623f7d2be77731567059ab1c74cc2212e08386f598595de27cd9175c5c0491239e91a5d1563cfbfb231f031c669d0396a4d0fcfc11ce938154d6cab80e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
88222c7df92ba1f1773b86a01994f064

SHA1
2412d275a223c6c9c66316e880a4b42feadea172

SHA256
61fd52e0180ce35a7eaf8f5355c26e4424242116f2e1cc196cfce6b1ca17cf2e

SHA512
c597bb627655b7bfb80e687b732a6bf215bc59594adcbac0c7cb0bc412be4a33f4789df0323ce05c86bf5842e9fe46613fa1dfa2670f718ae8b22b3c0643daad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
50b8426f28fe133f346364602efc5280

SHA1
d73b09b3e3d740f0934f4cf1f9eb305713b317e3

SHA256
2a314da2c80650a4e81783754118d79aa7e03315379d392cc1b0aa91d9c63aac

SHA512
5391fc017d441ee5f7aefdb9357798dd119efd1d495cda9c84e559e9173702832201cbc0aa678a5187bff86da4370c2a05141af5770b5f6f44737ce391e93ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a1f60.TMP

Filesize
104KB

MD5
dffb927a45ad5e33bf52a06775c3c070

SHA1
e18191527408b4bb8da3c22c4398d96c04d001d5

SHA256
963070d55d15112ebab44e8cde3014dc54da2e3632c0c6f0b066b0f9c18e1fea

SHA512
3fde103907a530898ff2206fec7b2ad463edba6998a7b97d5ebf07d18d924ffbe9de36c39ccb82811fdf8ff9826486942fa25779556113cafb53aa69507e54a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit