7d35e4d663f952f93ef7b271772fc9ce9bc2ff22cb07d9a99f48e47b21517a28

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FabFilter_KeyGen.exe
Size

595KB
MD5

c482cbba8d390a0488f33ef36daf2a9e
SHA1

cefb2cd5a09c7f20bb42187acae38fbd3f2da4da
SHA256

7d35e4d663f952f93ef7b271772fc9ce9bc2ff22cb07d9a99f48e47b21517a28
SHA512

b18575e6537d936cd97a0efbf9805081d3e97c540022b46104905a30eae404c0bfbab33a09cf282bfb5cad834886c27e21fda5198bac8d431d5a75af236cab78
SSDEEP

12288:XYkc9t2Sll/5+Fu/dCzO6bqTYFD3fUtPPR5HnCYLJZKrdezL:XYkcL54S4RbYIz89PR1LGBuL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4708	keygen.exe

Loads dropped DLL 3 IoCs

pid	Process
4708	keygen.exe
4708	keygen.exe
4708	keygen.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
79	pastebin.com
80	pastebin.com
78	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584120871395000"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4704	chrome.exe
4704	chrome.exe
5856	chrome.exe
5856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	180	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	180	AUDIODG.EXE
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4708	keygen.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 4708	1200	FabFilter_KeyGen.exe	84
PID 1200 wrote to memory of 4708	1200	FabFilter_KeyGen.exe	84
PID 1200 wrote to memory of 4708	1200	FabFilter_KeyGen.exe	84
PID 4704 wrote to memory of 612	4704	chrome.exe	107
PID 4704 wrote to memory of 612	4704	chrome.exe	107
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4888	4704	chrome.exe	108
PID 4704 wrote to memory of 4028	4704	chrome.exe	109
PID 4704 wrote to memory of 4028	4704	chrome.exe	109
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110
PID 4704 wrote to memory of 2220	4704	chrome.exe	110

C:\Users\Admin\AppData\Local\Temp\FabFilter_KeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\FabFilter_KeyGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:4708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x310
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe8,0x114,0x7ffa035fab58,0x7ffa035fab68,0x7ffa035fab78
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1708 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4792 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4596 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3052 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4988 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5012 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5404 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5532 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5648 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5796 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6364 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6524 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6540 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6872 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6804 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7212 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6832 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7536 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7680 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7832 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7984 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8172 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8312 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8512 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8332 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8352 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8892 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8324 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9204 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9172 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9516 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7668 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8864 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9292 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9272 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8148 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:8044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7976 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:8060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8000 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8296 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8284 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5828 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6496 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5936 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5252 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6004 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3124 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5744 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6048 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9356 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=6356 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5740 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8596 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8564 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1816,i,7828935608432670001,3506685193343696065,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6ae342b0d726b57071ec9a45817bcdd6

SHA1
0728d223580768b444a0573f9e42e6fbb06af619

SHA256
3e5f65a5c6fdb1e230b13df190e3ab528850a55a0de1084c1ec805ee75c217ad

SHA512
0d163b8af6142ff9c177dee67a4cf61b90e39a20014bb39bf92572a039a4f293a52eb7982dd7b9fd60dd65daa9aa26e94e80cade48a3d3b313e81f2f19247424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
fb5cba94996e0c4c6a269ea679f10d4b

SHA1
9fb41559e82a909865200019869ed2a4dd212aad

SHA256
cc6f4d40fceff7fe753ca1f039f20f9d33b55eae20db8aa2dcb3d9dd9aa70d04

SHA512
0239996552028c9a6d9bcf2e9ff8b896ffdb6e4f4d92a5002167c781917e9a1c81047031ed8bdd6c2e91bdeda04282a0379f21d2736ab667f00222b4eeb08259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
854240fc98ea41aeb9b65824a2b97ccf

SHA1
37e1fd0e2dc2534653c6b1817dc71703f72dfeaf

SHA256
b08a8d56cb3fe56b64764d2c311b842fb7c32a84b9f01b03e0f0176eceed863a

SHA512
13e411affc2c26bc73ad0ab983008eac1760046b217b04702a709f96a1dbf4169b574ba5865739576444642ac570bcf0b5fc5bb217fc3cbf79077185d856bb55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9dd04510295605ad2a31e68ca61ea09e

SHA1
932f5cf8953d9c0e388c18f10b7ad38a564f6693

SHA256
097927e23c9ef49e05f46154302fe77fad5eef0d1007fb5e7ceb5a2f76589241

SHA512
338a4eb73e310b2052c991d784ef035fb29d3d2dcd9bfb41f6fa270613dff77d64db7acb3c85b22c314dc7d1b652866b73bed6bd1f15d2f770ff9e3f3219d5ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0e16872b16fa31f1e9345d15072c5380

SHA1
9b8c4e5f1c212897a036886639152d59aba9d20c

SHA256
0c6bb67f86cc7899d0b4851c49a31fde9767385834c89fd0d18bc18dedd2f315

SHA512
b11ad9ce4b8224faeac082fa063dd85c8e1e9df8c6f25b39da959dbbcc6f0a59670027737e2c1421e97fcb2986dc9d9495f5249e068831b10259bb75854d07d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fa72072a866d1d211588a8064d401a38

SHA1
43b15619d66bf531bef263e206d67c924283e9b4

SHA256
afa8afa650ad3e9c5054734dffeff05ee07d2cc30dbf6075c7153f4889f7deab

SHA512
f9528704d097ee47a345bba25a2dee27c89ce7cd76fc4c757b5c32b2a4f14f6b74a2865c497ca961c97c02c1334537f0c6b8a5ffbebcc1d9367b909f7a66374a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4098903ebba3b65edb10e672197ccd00

SHA1
71c126294f2bac7b02ae2fb38488faaf96862af8

SHA256
632391590da8736cf835f29d54c6b786fce22d5ab84d5b18df81e1b9e323f8d4

SHA512
7a30ddbc0382123c50c5102957663bee58549ac64da61bd09b214ce85658bf47f25686a2dfc5a4ef7497a18b50774d148c9af1d78a8a7e6316f1c29c653fb101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da9eeaf42f3ec850cf61179064b65d68

SHA1
ee6bd40eb0a593e68a51a3fed70afcdea58f85e9

SHA256
618b11be7d7c11598928d54db2067d4abfe8caeaa6dc0b4364bee30f86585a36

SHA512
e57e663544cc6b1669c69f0f6409a1764c480c5ad46e3fabff39226e572ecba5a7cf72c4ef4694c935ecb5bad20292372c27351620f73ebaa611cb13af861ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
29c75eef01c34f6502cc050e68833985

SHA1
0430889e28ff9e48268e92bae52c5633df2e3543

SHA256
77c8d3b1a4b72e4d8a3a393dbea4ebdf88e94a1e3791ab7eac80964a3050744f

SHA512
2e89073b2d816fbfdd5a1e0155a00f06db3c306eab6c5990435375b1d6e54335ad5c5a369990388c81646cb8a7bee84142fd2bc245b1f46881200b999c8cf254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c24d64a604654839568faa78934f3edb

SHA1
4f354c8ac65068c44af739018ae86d5c92f8709a

SHA256
4a56887fd7f13e17a0505bc8379646f87d0518af2b98f46cf5b944e9aafea0c2

SHA512
c9809baf3b3b20afb19151a55b8ed36a276a10738cf45d4786ec70f547d785b8956754711041ef7e91d14b0e9bb1057f130e2990d577b9a4ea0fac727f4b68de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
cb0c7eeea0baf21b7519095c367a7979

SHA1
9fe9ac3dbc28dbf69258d2643079b375e3c57bb8

SHA256
723c07f1b7994366186dc8e97a0cc70ed21c686da9b467ead7c3a881d8ddae90

SHA512
26394bfad6c8319c1000cbd8a14b6f4b9ccf4cf610517b1afb1ad43dfe5b6216f90afc5319790861a59cccbdb326262f57b52064d260451dd6807d1e76cda060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
ab21310a9ad3c069a6f385f4883561ed

SHA1
2a66431824a94254325823f89f05d90b62ef78bd

SHA256
0365657f9671fb768d5e25dfec3f6cd07ad13ebb945cd8032d1b13b40cc6cb06

SHA512
676593f61a2aa0cf135870a5b7cbb4d9f70d2b469630e52e4e5756fc904194307561b7c7f533faa7fee074da9a47a26d1dd3fe3af001f585a369b809de6ebc3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
abfcad8d03d5f0a0ed9ee672b9b9d9db

SHA1
e6c9af49a4ee12cdbf717e7f51a1d054547045d7

SHA256
20d31d77f4bc77c6a451e586e3148455693d8df14ebf234f56533288c10808be

SHA512
76ce78d916ac0f18dad50dcaca9999fa0391dd8a8c44d5828b67164f74f1eb624f1cd62292c57bffa5946a62052306a755ebda97fba63a762ec9800ab822ec5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f5f9.TMP

Filesize
88KB

MD5
11143fdd81ca91255596417e2dccf185

SHA1
5a39e4eed03001a26e63dfda5b4278c27ee446ad

SHA256
0b9fbf0e5a59af1a61f9a0d02cae0915136a8690d4ee3477dbf350d8b2bacd41

SHA512
19825ee2f86ed42b0d782b4ef4004ed8d12c48748416a10ebdb51d00edb93b5c0d2dacae984dfec10a920771bdbadbe92420ffe68379881a622001f22d661718

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RFBFKG.dll

Filesize
91KB

MD5
62695f6fa2a85fc9993f57dfcbdc2749

SHA1
07a9b478df63fba4cf3002974b4cf56b404d0914

SHA256
1ab33027c4965b027298651781a1c780c272818da189e2c3a8101ac578069260

SHA512
69dd0de913629853400106811bffdebd8ec2037c93c9f9820d3f140e84576912de3ab57434086e20cf8698185015c27fa307e06047e2219dcf38a927a36f3c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\bgm.it

Filesize
80KB

MD5
5e3c083251880c635f5ea6a0a6ed8e76

SHA1
e7fb44133e223140057243493159bdce01c5f080

SHA256
9d460a48d7f7f461967c9065182456871606eef1c27f21767335b7d81384e141

SHA512
b4a6a5ad71a13f51989e1fccedb542ab528f6ab9bc3d60a4c93c59e544b8eaa06ca7b9fe79c1d9a5c92b61345c18e38736561cd21426bc9e43ae3a4c59424284

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
1.0MB

MD5
d46b062d7f8ecf948d579ebe809cd597

SHA1
bba400b955bca8729bfdffb343d3b9f54cbb42f3

SHA256
9dca86bab19f5f0cd7c71ac4797921c93c03894f2378b8b3f4e97d742c9c2ea3

SHA512
2c93a1e061a9a77b5c4b5ba8e5f6b4809f225c28b9279cf341c54b8cb586834c7e1ca583df8d8ad4ce8458fcdee306b9f43043b5c2e3f9441f024b4591ce7d49

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4708-563-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-576-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-355-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-282-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-13-0x00000000008A0000-0x00000000008BF000-memory.dmp

Filesize
124KB

Download
memory/4708-520-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-14-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-530-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-52-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-539-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-58-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4708-69-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-567-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-568-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-569-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-570-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-586-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-587-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-588-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-589-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-590-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-591-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-592-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-593-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-594-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-604-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-605-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-606-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-607-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-608-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4708-609-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download