d2545625d92756576903c2f52a566012640514e70868b94a7dffcc03731df7b9

Analysis

max time kernel
450s
max time network
450s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iPhone_Unlocker_v1.4_UserUpload.Net_UserUpload.Net.zip
Size

8B
MD5

78b7afcbdc973998cd635b90bfb50060
SHA1

cdf66fe1c625311d7edb13a73a3e33467936031f
SHA256

d2545625d92756576903c2f52a566012640514e70868b94a7dffcc03731df7b9
SHA512

e4208eaf979d1f9655b57b0c3bacb041862c328ddfa19a7efcf713320dc81d530d1c67ef041ba7a1798ae2470547d5ea33fac0b3169f7cd1b6fa65d18e13a894

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585387860283074"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
684	chrome.exe
684	chrome.exe
1072	chrome.exe
1072	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 4128	684	chrome.exe	122
PID 684 wrote to memory of 4128	684	chrome.exe	122
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 4928	684	chrome.exe	123
PID 684 wrote to memory of 5112	684	chrome.exe	124
PID 684 wrote to memory of 5112	684	chrome.exe	124
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125
PID 684 wrote to memory of 1996	684	chrome.exe	125

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\iPhone_Unlocker_v1.4_UserUpload.Net_UserUpload.Net.zip
1⤵
PID:2912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd6044ab58,0x7ffd6044ab68,0x7ffd6044ab78
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4800 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4164 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4888 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3524 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5208 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4648 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5204 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4512 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2580 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2708 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4252 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4624 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1960,i,13747119846809193679,5369055749117992781,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1072

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\33843af5-4079-4d06-a35d-abaf0afc51d6.tmp

Filesize
7KB

MD5
5e9f89803cf4f69b656452efceecbd5a

SHA1
821e830f9f1cab03be4c13629e3fb3d9ad9cef5a

SHA256
dc8d1426eb651a04eb161651a6bbaf2c81dbd3109f1c15700806fcd589d3e21b

SHA512
e23b8172b63cb645eef9fbee1264cf6a2997bf0e72e599d9f309a5607549ff8834b6d18e37b115f449a94f669a4dbf7d3e7be350d3f3609a98975f7dccb413c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
aa1e62d93491660e2f18f5d23569f415

SHA1
6bf58c2fc15d07715b8993574a566720a308e7be

SHA256
0055119e8dcb344c2b0af56bd48cb7202e9db9c8a15f00e3ffc5d9e6704d3731

SHA512
00a60eacdb36134ec3ed792e9883f7be2193590c4d59bb997e30c9486ae432faeaad9d0f4028410dca476848d97fb63c4ccfd41e185f62d7211d921006543a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
53e61cc81927009da0c2554aa9973832

SHA1
4303cf927c457e493f078187dc0d921c9fef3527

SHA256
9277e3abd39ff576120013d12b4369acaed187b0afa747df5e746e15f93aee18

SHA512
2fa776658379919c5027f65558c2ac335c0fd8d3cb1033996a685e46cfcb2a491b0b33e6fd951e95d1c526a7a9780757c287e82d0cd8469565dc41ab1c473fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ca0c32f8cbc7dc9a84b2d2e98ebd4684

SHA1
6e85241d129b011023060b8e908114cf78333dc5

SHA256
42766517d8afdf84f1ad66e9cf274708d798eccc1357747391fe87ef5deb0411

SHA512
856dee7b7c9996910123e0e169ccf19515943cc4b1278af0c2bb932c3ba42f3acfa47b439fbbd1fcb85a5308c642395dcbafee2acf2b9ec1c31013d78d537806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
729422ca82ba05cdd19a5aee494eae26

SHA1
e154c33d8fa36313cf50651f8108994b8f3926a4

SHA256
aabb6a655ef9e7dd04e3471462064a73fad5e0b59cc1506de2fafcb868105975

SHA512
bb5ad9dfc88a6110ca280d61dbbff0fdafa8de10ee34fd454b523b7669924bfb2db7f5c0fdaf0760628083adfdcf1b7e0f6bd15d5ed2373ff03081629d4f71c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3cc9f730b7bd67e05993947bf2e4ca06

SHA1
be01f1ba2af4891f9cd331b9e02062fcc3bb35a0

SHA256
dc4da18ad6ac38f71448826cd8e395a79c503cb77d9f210ace801f2d08d5a1bf

SHA512
08a9b194477801513755a623aa2834579b99882ff70c5abdc1c4284d34f2384692609b3ba04548d7dea6400ec496cc40e090c9d4c4e59c5750f82e9ab5204121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f9658480aebe5ffd1bb3a9d4d8864a0a

SHA1
e503ee2230777506e9d6403432bb67fce1353698

SHA256
776fa5976cc209a19fede1edec90a152fabf2e9c07ffe7acf459b3bde4f84256

SHA512
539b604f08ccdad883417c02cc59f8b2e9ee7ec37d2f6af9b4c3bb08464802cdc757440cb5a867f25d8073232c447b5ee0c903ee388b637557e6d372d67c1cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3bdf686c2bed34d3da90f2432a7470d2

SHA1
85fa4c7bc21fb77bd8d37f8203af3912a95faa6c

SHA256
5fa7d714820831bdeb4c9990661f29a46ed72f6473a0274cb6d7582f3623895c

SHA512
fd9aa103f843a81f3f22a1f16eda5b5106c0ee65eeb5f3a0aa938d4956ab3dc013706ba3fab9ed6facbbb710474fd48059671175aae5bf11269c5412b7ad3637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc498e674f3038d5ceb63c15f1c7afa3

SHA1
bc2e9569431207eeb80347bfb7bfd742a33c6952

SHA256
06d193587d2e99306266713305938785f4c1c5abd1ab899959222c1280a586e6

SHA512
6f54aa5e889c827558aae4f8df795ca69a6357da2048f7e5cdf9500acc044c61e0d34f3c64158ba3a5f9e516830bbee0df833ba7b3cfbe7b40dbbe566d109db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
abf0809aa77e326870d166138ba0a53a

SHA1
315ee18cd8e249fb40de490b8f3ef968ec8bb709

SHA256
e16d17f215da08ab7bb5a93ed185fdb27b0eb0de5f075577ae2fefdb26d42184

SHA512
cce562d658fe39b435eba4d7e7ea1cbc5160a0b58792eb644fd5a32fac81b0b425e4fd294eee185b0efa4cb6331c7defdf66be9b18a433292fa00e369da541aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd63c428232b9fee8b636c3eda5cdb27

SHA1
c25b8869a97295a49aed67f43e41d7b7eaf8cc0a

SHA256
a28a3f23e5ea1109632afaa1ae9a6d19c555a4d65d870e1edcacae3a31d77cc2

SHA512
f0b241da84214a7f4387bbc8410b693be16aba46e83907a871015c39dbce86e35f6fd850f9beb1bb719875dadc6f0ee077d6e25388757b39deb24da372049d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
47e0e11fb9e9a61b7adf5b483e55ec6b

SHA1
0865f6509af3b913508ac74e12a023a54e476224

SHA256
d2cb518df0a699620d75cd640fb022c846343b73109ce52a303a741ad3e14707

SHA512
d66659ab85da635dbe08d2727e3aa2172acd1ca98e23b1c681ce2bcf692b12963e4748f19de7d9a2e50a7d68f535caea4e4c1834aa4174fd35ec2526cec7bedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5840c88bcecc29cdb76277106b9e3c3e

SHA1
cb31a66c95bfaa75dca14effe30263e4e8a7aabc

SHA256
e3124904616ae1aec86736cfd0e1452fe2e1632277613eddf267270a798520ea

SHA512
080ff82a8419b5f1396334d46db92051afdc217735dcf583b5cdc39af9f8b173022ea5a0266080b4128be52a82186677bf6fab98f50bfa271bfa1d3611c341d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
46a728555bbfdd5e2484faa74c0a00ae

SHA1
4db588953713f389376b4ba49a0682456d2a95d6

SHA256
6c5faa51ed68cb5b57ed6c8cc485a95d8c887d39cdebc3a05b51d6159c7f0098

SHA512
3a8bbcd2586810cf58b1712b2d691b005278151b7647ee677e70f8b2ed4d84aeb63b2021eca391853a58c65c46cd792ef2ea3474d26045a7b971034902f3bffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8822a1147d8a6977722af896cb98b48c

SHA1
20660dd1c41a361d43ce99c8ac5ce1357b8668b4

SHA256
32e3fe3fd7cac1638a68f2b0e28123bf85955c2331236bb0e4e68cb4c3374d64

SHA512
2f8200acd137001e8cbc4bf325a53f0a66471fa9b8172549250c7e7634534a4551d4cf50ab8c8ce5e23cc70fcdf419b5f8b45622e212b3bf4a4585230e407222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
7df7a89e426fb7e7ce03e41dacfd279c

SHA1
07f714672347daa41c51d2d93a7bd0aaa70e123f

SHA256
c6221d5b61fa262051ff8b1da697a3fb30d84f2d859c7921256ceed3423ca562

SHA512
f567975baec54635f32b0ca6988446156afed8376a021b3dc344ea3f9a0704daee6f8b858b6ac4ed092d72a576f58d129555d776e7c17fdc6f6f5592dff8538c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
92aea5fd578b7179b7a615f2613ff364

SHA1
3be5dfb32aa7a4e7f9aa8812a329605751d3d561

SHA256
2489b174da11d1f846587e93abd5b5e92e180d0cdd3c81dc97cfea48ce98899b

SHA512
30dfaa17741f1177d06af24f03fed2369e2c43936f862313ecfb81aedc950cd6ac84ec1136229e1f593208a1f779df7d2562675237f4fc4df91bc822b6e27ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
abfb0c0ab1fdb764c89b3ea67112622c

SHA1
6841c37790e261869f44922bd2057fee386ee2c5

SHA256
411da0ce743cb95a914960ce12ec27d10f753243293afe9d63dc79d57c5f726b

SHA512
a233d56a9b7bbc1ba07ce29df528d2faaa8d3f15ad15b83d329ab65bb3252d528314f4c5986e71b2386491b4cea30023c7f9ae97b76ddcdee695a3c5cedbac73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
eb7f01ac2eb19a57eda72f360126d131

SHA1
a471ed8cb7943910a1f7b6abdf512c58c4df432b

SHA256
a9e5cfe4c20f6367d2f5935bc2e3a2c8346d34e6f770ab70d092c688d7132fef

SHA512
cd4da00e129dd89abd9120a4addc77ef836a21903383e14c8934a9ab0bc3eb350961380eaf904b163ac20826d571c1f0aa40a5c17c9fad66b66467529798d40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
06041b17b305884e53c9eabb2fbfd743

SHA1
2d60ecddc8d6c153ae65f59745f289328a70d65f

SHA256
508fbd03c6bd216748b39a0434512c59f8dd370476ab5d8c0070d71f2676daea

SHA512
b220f136fd2e241af5ffd75ff3a2ff94bd371629a4758caf7f47affd09921fdd7cb21991c72afe110fde21ead045aa97f1b6e3fdc91ead5f77662adc65511ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
32de8cacc39975adaf04d76f096f861d

SHA1
e5cfa20faac3b14836f0cc15ce351ef6073547df

SHA256
50f26bea3c9117ef94a1ea638a2eca066f08550649373ae89f3d8efc2e9711eb

SHA512
b758df67c055915fc24122dc11d9d3907879b110671772a5c0feb88f4ec8d76878022e1162c380f4d8f0a5361971d95345347c6b1f8701579c7dd883da5aabb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ac361.TMP

Filesize
88KB

MD5
3a1746402e9ff87419fc0b935ca77d68

SHA1
225e669c6facbd0c9eddabb49dd46b79ba3a6dd4

SHA256
43cff72b5dd240ccacfec6827fdc248a90f47aa615e85a97c2bd26ebc7c5f0d8

SHA512
769025d865bbfd06b844d570a2efe071c4d3c771f9a3b7e45860d977e032a475e187b87c2d521481c51395b178573eb4d13b7ddfd1b313422df1681d00eb405f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
8ea3d6feb1433725bfd04723d963805c

SHA1
bdc1141a19b5326825bb77432b3fb080f153562a

SHA256
71c765c1458c0b50a0a7bf9493b5db2b9a53c4b425648c61fab6530096d98018

SHA512
3c3553b18ffb9293bc820a1593b4d124a20f04bcbd91515fba854f5d457e6ab53138ebf8b8e78e4f5d18659b3bb06664d80f9dbb9b11763d873ea8e85a84de4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
14eaa331af6d688bf2ca9259ba2644e7

SHA1
f870cfdc30d7e649b6849d0ceca580960ec364c2

SHA256
b4e408ed184c7a198e0e3a7211949e41e4d48c425f7b826620d62d07ea6a6888

SHA512
f06ebad78c2d0286af207c482f94097f7e6223bb6245a09291ca03078feba2427013d7355176058f768f127bc0490d6f8e79a29c3157acad7f9296a2fe2fd941

Download Submit