hxxps://valudas[.]com/prc%2072912

Resubmissions

18-04-2024 04:30

240418-e4wslacc9z 10

18-04-2024 04:26

240418-e2xbcaah98 1

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://valudas.com/prc%2072912

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578880192882128"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 2476	3436	chrome.exe	85
PID 3436 wrote to memory of 2476	3436	chrome.exe	85
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 4744	3436	chrome.exe	86
PID 3436 wrote to memory of 1616	3436	chrome.exe	87
PID 3436 wrote to memory of 1616	3436	chrome.exe	87
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88
PID 3436 wrote to memory of 4920	3436	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://valudas.com/prc%2072912
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb836aab58,0x7ffb836aab68,0x7ffb836aab78
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5104 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5152 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5324 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5540 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5324 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4056 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3044 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1948,i,5160656842067748683,4518775059458202545,131072 /prefetch:8
  2⤵
  PID:1228

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
198d221098a8284ad164364adbb59f12

SHA1
d5a3058d609ca4b8da83c8639738c9325bc1216c

SHA256
b2d86de8d3188d2a75622239a2c4dfc6ab7fc2847cf0f80213db72cd4e05ede2

SHA512
7fa615d4fcef7afe8a769fe331bde374ae05679d6573d38cede7fb1e838ceb6dd7fe7925845861017e717af65a9136e7592c68bf9e3d5d5a3a619a64f90665b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
5d6ebb9a7de44562d3878b8be05266b6

SHA1
496bc641049224859ae1b5cecb8baef785776aac

SHA256
a1cefd6ecc259a18327e0bd57c941d99c93eb1aa8e7c3fd99618618746283b0a

SHA512
7436a17df841268ad8252bc4949cc200683d52846a30aa9fc794ba580964ca56ff2b7c4d0b85d3d63a9c2358edc76c5e8061c903ef87ee28306c31c9b75c83e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
482d2805725cccc671ad8fe7d405eba3

SHA1
f08911514233cc73dbd9f7a7b14c3b5b68648369

SHA256
b022962f38f41ce1fe665f18a329cad3424260a51511ed6b8eab69a6d2074dda

SHA512
e20bc218cb01ff8fe86adf0f575f66b836945acd1e2c7bb891f8dab1c1fdd7f36f42df2c2040e5f4c2edf5a2b6fcfd0d177e01994e41fe3f7bad41f1a5bf6417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
6d75faae7fcff029d09aa92b22e1282c

SHA1
c63364f21c71bf45166556bda75521b8bae91bd8

SHA256
7ce831cc8e3f4fdb2505ad699a797f41761972979796064dd8db4aad76d1838a

SHA512
ca5c0f5819e10e9cfd1234a4071cc72d135a07199f7f4666244327cc23ffa067f801db6f27ac4eb512a21fe00b9278f24a13e783595a2fd9c014daed640e5440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f329060597a1546e9d85b6f4c19323af

SHA1
f982258e7f75d6ae45e674604619ea5c8ca95cff

SHA256
b11a06aa797f6eb17609f403133bb56b84cfe5f17ce78f5024b5d43f67001f09

SHA512
81e8d6e744fbb3903c2da0bcde9aa3f45adc0d6f56b5e1afa7f5b302f6bba153ac6fe3a532c00eab6c342db34ed1519a8f3c824be3ddf5f5563ffbeafa79ec29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5a04b1130f43f78ff081546675b28e1

SHA1
e6b05f09df7d2bc6f5571504ef84a547179af9c1

SHA256
7a7853690caac5b07e509e14d36cf2ff42c9a8c28412f9954cb4a622b48252c9

SHA512
c0cd7fbae9e643f9869989bd34518fd28c1ba0624a8314bb20ace1ff82d219766b0eff967b58b70d78dfcca7f81d0e878d3d9e2a404c9acc297206371ad56c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0af383253ed85a8a7070ea8fcc86dadc

SHA1
12eb9fc3e31d8bb5a3cdc13462901f2415d801d7

SHA256
fb0149e57dc59fc18480285a4682276236661a7a7f7de13acff94e6eeaa4e06f

SHA512
9ef4067d79e800228f5b6228dd59722eef83004eeccba4e806b98f19e34e09b62c5cb1641b78cb731513e4d6c31a59e36a71f6da6a6d6d4830f849f5042197ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c61dd12bc475f6fe2db1552cce22762f

SHA1
117701ba8034da085227ceade6aee88ce3330e2b

SHA256
6968797891b981a56f1eb2989479adb04e129fa1bb4de9a8b2fb4759afcbf049

SHA512
69e98542f715210b9c7399275ea7b6f46f3e9b803cdc27727f15045c61177a13c6086ce8e93b1bf5d7c35e006a313e0711962f9d403de690a31fbdf2b98482b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
93adf52bee310346ec8ebf489339057c

SHA1
1c5b21942259e5d14fbe0cfec449e645d2b84c2f

SHA256
ec1d4a2aa4a87ff386911e133c7a7972c1b401dd1ec4aacff340a66b521a8eda

SHA512
73aa9eba6e31111f9e55406e6b5401291a24df86663536ea87b4dad92dde700b8411979088269d9a839b289e81a5822e421a8f3bc3226f642f80b8ab69a23a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fda9.TMP

Filesize
48B

MD5
9484349c4e23fb7a2c9534a4389a8780

SHA1
6aed7507a549158578be869ee1e1eea13f7a66d5

SHA256
fda880e6073db60dca4f8aa53f30e57ce441eea3dd4d7b2cb5625b5122aeafb0

SHA512
3b71b98ce5fcef430bc4ac585fd5cc015b9b1503df7ecfaf8f19dde88091070cb747e8d04075ddb9dfa946d7beb3c8772427d6a6ecbd7b4bd97687adfec01fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
500c58f883c5a8507c9ee1f8a9d1b7c0

SHA1
99690ad23de71b9e020ac2464abda99713858f74

SHA256
7f3d9e2a79422c7bc06f9112112e57bb4df2eea189941a78cd1a53b45f6b7620

SHA512
d14ea002b83164b48cf80f007d4ac375e03f17a9247e1d04a49fd0dbc32c64449918ec03815557e6a2c599e1a08fb3836df5fbd76f41830920a50693c15a3664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
43404eb3484f25553e42f7a50c1ce497

SHA1
88f0487eac2d41b6dde940677a77f32a3b64d9df

SHA256
68fe2d2985d15ad4bc4fcd3e332046306656be7d618bece39f2a3aea52b929cd

SHA512
53d3a429f69dad720618373fdfc7fc0c6ccac5431db3e225d8a2e10833e6e964bb5ded6489ee12c38f04fad5c67b2bce2dcdbd5c72908dd4cc2c9a2120e02135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
f9ea8b0e03d93123091dbe77a5dfee99

SHA1
869795eefd6e35203de0d1ff131ffa793cece9b2

SHA256
e620afa66a1583e144370a30da87a168bf8aa5ee155db576555435157a6ec1e2

SHA512
66fae8495a9ccf7e75221724a41763c8e0ed15becdd2d8e75f32bacfa6a19a8f4210f1020f47ad5ecc5901c136c14afa7aabf5a143b770dfd42bc627884b313a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
a1fe820b088dd335c857a5f479db1f49

SHA1
bb6396fd655e77160e921c411740810104a2d0ca

SHA256
f76a2945b06eaa8c804e376c90e5c23a1d8790daeacc80cfac0c0db8dd117f49

SHA512
c5309615698b40eb7ddedbde347a7ec5a9646dc45d4882efef406afa2e315e0e80bcc6b73e49a813ba6d1040ecde6ebcd20942966941312eee36b3a4920e5bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e157.TMP

Filesize
98KB

MD5
aa2e9ee8516213e121f07202b864d124

SHA1
ab28d6010d3dd311759f28c31241593019e80978

SHA256
412d7b33835e06094e91973cbdb65ea293de84505c04fab47ce8178be594cb70

SHA512
66b2f22cad9abffbaeabb4eb9e4cff1115b47512d1e60104cf139eb09e9adc058ce49217bfed405c7d27a767b06688a016cb78e749fe256f90e03effafe12679

Download Submit
C:\Users\Admin\Downloads\PMT_3678920.zip.crdownload

Filesize
361KB

MD5
675f4d1a54e4ce5a61d57988e07eb9a2

SHA1
caa2171391472e790c3490b94d539ca9af78e82c

SHA256
8c7cbe15e3af132d7069c664b399e7864c19957734bbe13cdf9ec8304d0153f3

SHA512
cdf982c8ae8d7ccf9264b7b76e1701dce6bd140154329e3b452eaafc52c59dec4d1ce4fc08dcc124e320ccb3d4bbef69ae3f2d20ca3a0f604d9b8ac6ab32dc91

Download Submit