92b2d2a44e57ae9d47806eba7e62ef0d0e3b152e822803845e9bfe74adb6efc3

Analysis

max time kernel
151s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11-04-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbxfpsunlocker.exe
Size

605KB
MD5

09d083f0e2c1e8a3561209902333ad8f
SHA1

d9692d3aba34a39aeb9e53cb3d25562b94e2e597
SHA256

83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9
SHA512

c71371263cacc4872a4bf621614940f08c9436062683be5de921ae6e509079e25ea380623e8945d40858819a664bd76590defb2a89949e8e5666190f1024ca6b
SSDEEP

12288:IKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:IKyacgDD+4fwG1NaTSw

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
47	discord.com
48	discord.com
49	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572726907234868"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
3596	chrome.exe
3596	chrome.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe
1032	rbxfpsunlocker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1032	rbxfpsunlocker.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1032	rbxfpsunlocker.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 3716	3596	chrome.exe	77
PID 3596 wrote to memory of 3716	3596	chrome.exe	77
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 3344	3596	chrome.exe	79
PID 3596 wrote to memory of 520	3596	chrome.exe	80
PID 3596 wrote to memory of 520	3596	chrome.exe	80
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81
PID 3596 wrote to memory of 4664	3596	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff96e339758,0x7ff96e339768,0x7ff96e339778
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3716 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4664 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3112 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5512 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3248 --field-trial-handle=1828,i,4441220977739046571,3079442470963581135,131072 /prefetch:2
  2⤵
  PID:2540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1e40074679aab9c8be50974ad32571a5

SHA1
1d658ed66da27f52339144c69e4a1eb65ea358c9

SHA256
82538c75902127a57fd85a0c71bbbc59ef3a3a2f45786b663e9d6a7c6d8219d4

SHA512
b1fd0ce7f0d073c4e1ceda21f905ba84bf7c56d890958e7021e259c452f3a1ef2cbe41505f8691497a93bc21d52104501deabdb659d66de6efcc57092221694b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
74635f25a864df177bf05ff065f1eaf6

SHA1
2253d83580296b31f00e9e03eb0fd2d84f0f77cd

SHA256
951e7823d96c98b57fb3e841504a4497eab417d085ba969ad3bb0d134ffa4068

SHA512
44139ac8ef0eef26c4317bbdde9a331172452d28b17bb4b72173fe347af376d823b007a5b768c6038bfee94cbde8b30e5f4d9626c3a0d0c19f971dd8a608aeed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
74d37eaa9d3bbc604a376e9fe843273c

SHA1
61f2aa46b21176ff532000cb60d431af07ee87d1

SHA256
b8161bcd50767d898d93fb649a48172007a37251396062159f8e17066ab4897e

SHA512
125dbb8a8df18f00951ce9806071eb70aabbc5d2ad96653c1a00537d60c7ef252d92fc9f3b947a6c9e2d2b8ef4c08c1b33b5b4db416e705083b09e9d5ede1fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
868ae293ba3795eb93dc1bc6cb174bdc

SHA1
3ca90328853c3fabaf3358b6c03c36f7ff0a6e7a

SHA256
2961649e0bb2b95e20ec3fb82c703832a143a0345214e4ea29606367bc36f6a4

SHA512
c88da35543364b9d260afd076f9a3080fa5bbb1b8d52d3c6397c7c3a052f86a2b1c9f3b64d8ca4821614f717cb05b87788872b835696f6b46977eaae3e2b9fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
69833dcb2b45b58bf051a28e607ad623

SHA1
05cbd660712d50925e45907d3e1c169793947aed

SHA256
438cf3091521dcd589a169a09c01227b0b2315657b98ea4fbd9314167a4f73f6

SHA512
0103e39bed330c181774ffeb6145f126fb46bf2c28c6c716ebadcdeb3d458ed5f833eb8c1383a08e55a0e55f5a8649151c8c6570c92e26c26a6b5faa41f6ef7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40f0083903f98766d6b0c6431d2836a1

SHA1
10f943a8f86500ed125f38f1083dbe576ae74b04

SHA256
0b7587945eda34c66b18781120aa58e43798a6da6da40befd15f77c8191aef75

SHA512
53c8c5fce25ed737cbc95d299e32b759b9b977ef3d2c6ee92cf3e2af685d4c200d5402f5fad5635ef1395cde77a81ef9fea2bed9baddafeef8061a98d1530a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46cce467bd89222fd8325852d6c12cc0

SHA1
5648861d2dc54d1a41b071f6de893038d94c3e7a

SHA256
68b4b496b95d03af4ba8b3796f327689cc9178684f82207cccc9d6c74da80c0a

SHA512
57290dc715b6db987a9a3297fce94012bdc17bac999314c91fb085bdaed46da8545ce70ee9e1e36aec5bd0b8e8f40d0f9cb2026ea087f9d2143ec5f0fb176dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
04746d773fd81537c6e363a620b1d227

SHA1
ff56e08a412d424db8c0178258c6545c245f8007

SHA256
058d429f1e39d9c8e4724937b2fe4ba7846742ba0e26fa39ace8d33eb2b0859a

SHA512
03c2ca274257388d78892d54adeca3c7d5855bfa5cadcc22cb779c3da2b05e7c8edee279cc8d50fe282347ff386ab1f75013b85cdb3bb5eb85f1dbc6b461b6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9d26c307697c9c1bb37f17cbe31c4fe4

SHA1
e330ee399002228629893e9e1f4c7b96270815be

SHA256
9c9f4096ba858b035d9e063e969b066779d6e693fb2a90cd5d25d1c7c66f8d99

SHA512
06616bcab5c2d574ac70bcad195f99418528109a7a184cfb07da62390c6bbdb9ef0862cbe30afadc0935c0f1fc8dd051a6b79052bfb9db1a7f9ae8f2919b9a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c1e4d27da2f95be589cdfb2345ac939d

SHA1
48319f70a417120e769b9843f56af14ff2b79acc

SHA256
4f764723b948ca5bc7b59eb7835bf84de903cbd3702f0919092392d5786b6706

SHA512
d491fffa2600ac015aaa50d95517b5496b11e356e7a4f5e3710343d82c48e35c5f7495ae9b3b826c9ca81889481c817ee7250bbce449fdb855456899a705801c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
319cf2096145126c1c651d1678a24753

SHA1
6497ec30a825e60948b373152c2297e58420cb99

SHA256
017017f5d5a900aee30c2d036491836af967c470ce7e31a0bc803c654f9969f5

SHA512
5e9cb2b3b2e370d4e6a4ec9745b8d6333f7a70e57d2b2f74c834f466e53e9a141e712af9a1d56c8453171b0573bf040d040e44bef41b694f7af29c5cdc52d984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15bad32d4821fa57007ab441c2c5541f

SHA1
feaf29550e3248a59556b74666f161d82f226ab6

SHA256
4838b608c0135c496f37d2e65e77806989496ee118eed5c7df7a4f1e5fb47ad4

SHA512
cfa37084932c663c2e7d655367100a761cac8659e49e9c1e2a5294ca453a8c20c194129bdcbac4e9c69ca86a28aa112f9b4ec1979bb42cf6c30f648fa3d4ea07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
613b752579b9bc80c057137259e15572

SHA1
fc09a6a6eab8e986cce892f9c95c1953c71afa16

SHA256
e9db74a7f54c13778bed5e4b3a1accbe5d29fbe662a8768fbb10083f12447f75

SHA512
60628531cae2ec74b1a0ffe5ddc7e3899e98ae47a2699a7a48591101b318eb1ba740bad9956d075e079b52fd46fa71297be99950a7f1554216b2a0d39000a71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
384fdafebf932c3765fde62c33d21e68

SHA1
24d36bc29e52d917a72892cd05bd9f5f5bc4b7b7

SHA256
fa446815f2fb726fd3f15a832a24646d527fffaa0cb79a67931cda161fd8f221

SHA512
a03282233be9e362459d92eda5330f73be7147a72dd93fb88e50d67ebe6b76ce8a15b301e8dd805e20b52760c1b5b300b3d01af673e9bec78664f802ce1f540e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
b6e7552c0339364716fddebcb43a47ac

SHA1
a9df393a0e01081f5ef7ba24e0c4e484a0c75a30

SHA256
75ecba51d3922915972824220e0483fe11d5ac0223e874128e2639ad883a4c27

SHA512
bb315c36e77d65ca1d564ae390d9eca987d43cb03cfe7b9be89f270ff4f26d2c553437ba1ead58e0487d2c31ed19ce71be69c26d8fb48dd43384060897ac79e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
d791e543396eea919413a4bddced165e

SHA1
a1dc9cac3826ce7b3d8cd21819837cceb0cd4764

SHA256
27eba7e475ba6ccd961acf35e62e83f3408a0acb9a760ed0e4f8077b48755f74

SHA512
b0fd9a353d89cb394c8befce7575b068bd26925fa3dde142f26bd87bbe51cceddabe9c9466fb9e1002c13ba6c997aac282921504dc925af6b0bd8ffe7bc3202a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a1e8.TMP

Filesize
92KB

MD5
4b3180880c449d08ce117a333b4337a0

SHA1
6a78bf74b5af76d00d294f42918375d0a574180e

SHA256
03ba5db99aebdabe79f493384de4669f998b334bf386a342d6a0804342dd83b8

SHA512
d6b25f8a5cb22d0f8c4b88ddb9f5b9c7e44227cf8aa6350724c9c0d41b898b3206be74b70fc65513881726e5398cde78624e26b9ffdcf2b7f95267f89c5faee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit