3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a

Analysis

max time kernel
299s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/04/2024, 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
Size

1.1MB
MD5

8e7b0f31b1a2c5049f22c864c8fc4eb6
SHA1

c1ce754e8a30e20633a4a43f2ed18860de049588
SHA256

3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a
SHA512

799272e1453b9bfd46986e81ae7d81d7e99eb548ccdfd67b6b83c91c11d5f837d23dc82f735f30169ca813babf85a2146dc58ba7c6868653e13e279afc95ea5f
SSDEEP

24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aue2+b+HdiJUX:uTvC/MTQYxsWR7aue2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588402109048813"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3256	chrome.exe
3256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe
Token: SeShutdownPrivilege	3256	chrome.exe
Token: SeCreatePagefilePrivilege	3256	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
3256	chrome.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
3256	chrome.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 168 wrote to memory of 3256	168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe	74
PID 168 wrote to memory of 3256	168	3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe	74
PID 3256 wrote to memory of 3648	3256	chrome.exe	76
PID 3256 wrote to memory of 3648	3256	chrome.exe	76
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 4152	3256	chrome.exe	78
PID 3256 wrote to memory of 1268	3256	chrome.exe	79
PID 3256 wrote to memory of 1268	3256	chrome.exe	79
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80
PID 3256 wrote to memory of 4296	3256	chrome.exe	80

C:\Users\Admin\AppData\Local\Temp\3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe
"C:\Users\Admin\AppData\Local\Temp\3fcd0c3ef3dcbe69c9a59c6da34ce13a3998ccb3c4df7539474be855e0001a4a.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaffc09758,0x7ffaffc09768,0x7ffaffc09778
    3⤵
    PID:3648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:2
    3⤵
    PID:4152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:1268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1868 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:4296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:1
    3⤵
    PID:312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:1
    3⤵
    PID:1624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:1
    3⤵
    PID:8
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4732 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:2500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:4708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:3568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:3824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:8
    3⤵
    PID:3940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 --field-trial-handle=2112,i,11721681909662811673,18044853767320637129,131072 /prefetch:2
    3⤵
    PID:3732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9a1078be3c7c91195feda55f6e70d7f9

SHA1
ed866bcc03a26ae8a11b82b40fd71f078af3f226

SHA256
6218ecd3c2f5bd4516559478a0653663440aac0980c1de4800b2cea92cd29c75

SHA512
e008f320a5d0a6e159465e5f29f67a56b16be32bf728561e62c11bbe8f1ccad6982b99381f35e1469566ce2414b2a80c032f387ddbe2c5da0881c033ed05d345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e061bd2d91b46fa7f96badaddbf92b83

SHA1
9ef69ca0014e4608a043b22eb2703d4c8799d7c9

SHA256
a0ad4301d73aeb054f9dad63127a1fe74294aef0dd6df950d4f4e0b473cd0928

SHA512
c1353a2d48e113ccdf03669f77648288324ca5213394b1b3d65d9c240f69e0aef6a476b4c0e9ff2ee623447439b94bd23ca919f78154e747c46899d5d83ffd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
489d7f56004f1f40795bca34d8c72325

SHA1
2a570c0ffd15efa61c22d346f647db8bb98a4d85

SHA256
934fefcffe0b2c5a6639cfc4d3d4717dbd12c7b82a1907dd37cd797a5d855212

SHA512
a19cc526f5707ab72e142bf9e103fa8506baf76d620e828426d9d4d27bc293981fe2f1bf6ef79f6d3cbc3819303576613acb789f2e83daf30e54d30ffa1fda3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
7ce9a12f6ab97f1e0d10714f4d14a252

SHA1
88a363b365f9497ba60633eb0c757620080bd774

SHA256
206f7461b6e483baa6fbe9611c92e20353c1ab91c7ff5565a9d34b9f5d8959b6

SHA512
b1670d110fe0946984ccde2a9c9a601cc0cb641a0ebadeb87e2839864c8e126a418d47648c19d76bbc4da96523f20c3a57564207924791661c1e6123d3afa421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
ed667e4df32383929f12d1b513bf8c6e

SHA1
34e256f9a5c4517fe92161b9e92a9d7f1d421520

SHA256
2491a81217b3a742fe5ff3c8185278107d956379d0695133bf4e09d547b282bc

SHA512
85490110c78f630512d3ae1a4213807cb73f8e395b1e997f71ef017bc27145512e36e08ce892ecdd14ce6be20e8059401d9ffe0387080fe80d33dd12c362511a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
47630ea3c70140c6418b9133949f25f3

SHA1
17f4dd5429cb22d32844ea5ffc26ae331ff86c5c

SHA256
b7b92fb0560bdab619b1f39815f050dbbaac3b85ff9f6a3d56d6c9620bf7c1ee

SHA512
10e5681d804b4177a7825a3de8d76cc005496dd96b2d278d6ac6c8945f96cddc464260679bcbbd8bc11d2b572010cfc558a1ffd777919ea412ca04c7a8e7cb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1bfe833df4bfbce2a7d02e0d1ee15de

SHA1
3db8a6714cb90caeb46a160b0e18fd34b51fecd4

SHA256
be2ef00931cc6352d11bcac99454f8d8757062c0479132522d11a972887476f5

SHA512
09e26ba577e0c9c1030d9aeb487bbf0523912a910f8fabde37824d116e300da089cf61369fc903d35b48e133d69d6d5f729726a982f458d73ee8b7d9fbdc8299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d2dc525b980cf24750e8fa72a57cd97

SHA1
be3c01b2626a0dec45b21459951e6d0d7d90345a

SHA256
9f7ce32c0699c3773f94f431f7f95cb582ef6c441f85494103c511612ee6efc0

SHA512
ad42e3f80cbdbd1c0937a744b022f66d925dd5aeb9502a8a1423195ef2643316f1b3753102ec07bdd2bbbc604ca2e794da5bf8c3e43a3be38acc1df05aca07d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
33fa781ecd4241dca884b603f14c907d

SHA1
0a800d277b322a344adbd628ef8f6bd4791c22d5

SHA256
8e8fb52851b66278ae192bca547d342e095679f9cc0385a3058fce9aed37754c

SHA512
e08c2e37e2393bd5151d8ed7eb8da442c86a9f1840579e2601bd10ee1f2c1680d875908d9187c9cf41092fce1ed674a8f28814be34e4f1988c59060178854616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
5a8b16979796a0b47721323c5a171db3

SHA1
383abb205ad0a8516d2297f7fd88007b2c843e59

SHA256
657f334b64c246095ab687a20a850ae042c993df465c11abdb12c55fa36e7f4f

SHA512
0c4b645eb5db7b2df8fdc541af7cf0846ee97c175804551239d4cb51829ab7f927d20114d564195fbfdef8808b0e72a297e93b2655467c6e17867010a4be49b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit