hxxps://ps3d[.]psgamedl[.]com/Uncharted%20-%20Drakes%20Fortune%20(Asia)%20(EnZhKo)[.]zip

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ps3d.psgamedl.com/Uncharted%20-%20Drakes%20Fortune%20(Asia)%20(EnZhKo).zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589516607723700"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{41B92375-EE1B-4C2D-BADF-DA6E8546AF20}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 2308	4424	chrome.exe	109
PID 4424 wrote to memory of 2308	4424	chrome.exe	109
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 4144	4424	chrome.exe	110
PID 4424 wrote to memory of 2496	4424	chrome.exe	111
PID 4424 wrote to memory of 2496	4424	chrome.exe	111
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112
PID 4424 wrote to memory of 1128	4424	chrome.exe	112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ps3d.psgamedl.com/Uncharted%20-%20Drakes%20Fortune%20(Asia)%20(EnZhKo).zip
1⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4008 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5108 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4836 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5464 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4888 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:3992

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\155b3e2af9224781897ad0c71f7c7a3d /t 4504 /p 3008
1⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca3ee9758,0x7ffca3ee9768,0x7ffca3ee9778
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:2
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4928 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5420 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5016 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3288 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5592 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5472 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3920 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2736 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5768 --field-trial-handle=1904,i,5666398306923825511,11040056034911418309,131072 /prefetch:1
  2⤵
  PID:2916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
17KB

MD5
868f1c2cbe6f6335e9526108b93b85ea

SHA1
ab894b8655b55724140516c9717ec90134186bbc

SHA256
0e993dfb76c08813b09f952cc2fe16a3b32caf5ca333093a88c231e09944584f

SHA512
21d76233f7fadfaf838f9cd18caf341986fc0bcd81e3135e9c6a5efbc0790173b55166ce04e26de4190d981f557a690d1a1352bd1d0d2e191912b7903802403c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
1972b3df4ebb295fcc3ff76696ded3c3

SHA1
9c61bb9965b82391685b64631e8622e3fa94d82b

SHA256
0e99d08426be6356e9a025a6d8b0864ce4f2f1f2ef77739c5cc675481ecddfc4

SHA512
b6327f004952d250164de4220629b6e0837af30a210b19a46e802d6f749b8af5e3385295ea52315f0f6a8620cfe1b330742ce97fdc87321d8777e217aa27e7ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
792B

MD5
4ae6955f3006d2aeee15fafe2978458c

SHA1
3ce2b7a8ee013c4f7165e7da9839a5715d764c25

SHA256
ee5cc6863f35fff3b000b5d4c81259d2ed5d8be0ab8f484dd9ec7b9a00cda388

SHA512
9a1fee36ab784e68381e42b0dd6579ef61d31497b27c46ece8c2a46300ffeed50139e850d1daf044b9b3428620d2c86ab4649472f4b8305997836c1afb8354db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
50833e11051fbf53191f653ad912d3ea

SHA1
ed41e3f67f557c896750c7a8a6ef8742f906fe90

SHA256
fd49c89e7fb68bd634201ebbcba1add6a2a9c126536c42b2678cf8a10ef2b160

SHA512
821d6b92c49114f36a43ccc8086c3ff083796ea2bc6036be1efa9a2725d7ca19265ffa0d2b28eb3f681076ff5b3f69bf041bd4b3be69d1332bc83504983df898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
e0ef9b3ab2e82e20ca7c7d5066367ee5

SHA1
3046efde38fcd48d3052082bd71f01876d5b195b

SHA256
e6d842a6647fe165a51baeea2dd0fb383958fab4442f73ad839369daf315e763

SHA512
510f0572ba5c676576ab96dcf4728b7d2b28bb4393939e5e65229759d8a08a1e318553ada6d218a4998ac14466d3afe4abdb92775acce58f64656c0ea34e090b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
415c2bea0757495bf78f8065ad57e4e9

SHA1
e620c1943690300242fe09f4fb553912f76ca5c4

SHA256
047b88573e76d684fbdacf31962bca6a32f6bddd664c231e767feb3cafd9481f

SHA512
67ae250091386b35f4f5224cafa761058ffd6a143cd384d3deb24680d2ce60036d3bb9996a1a31e40cdadfd49d555382a0ca981fc238e35258abed16181b815a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
2e7876adf77563bb0065eb05038c32de

SHA1
5345f04d45a45bf1843dde548a82709990840743

SHA256
f820cd5ef4746364a87cf71027007f8738320305c2bbcd58a81b4bbc8d92e109

SHA512
290f386e7e7d5094e37ec46489d5fd0dd1a695861a67b73990cfeeeeb26a9ae922ad6aa57e97dd18bc410429b9df305623d0e1ecf2fa593f0b7bedb3abb9e1ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
434cdf0dbe42fb1889c440aebb5a5124

SHA1
bf2e9d86352f4c37704c9f09b9ee9943a21aa700

SHA256
aad4a7e3bed9c01a7f07a2fb8adff475261257e46be5d1f124ed7daf5de3e617

SHA512
ce629752525432eeba60c7ce6e25593ce39f08f4bd243dd7dcea06776f27345fc2badcb121eebad9af538fe734a1d5cafa99ac71ae6483ba7bd9607945d70ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
dc32063cf76f1cd3b366d3b0f1f52096

SHA1
315f29c769a30dc26478d4e1c939066d2fcd1cde

SHA256
87865633fbcb012a2943067b256b0f5a708fcdb40986378a6121bbd7f771dc27

SHA512
0ec68f6aefe573a4917b8199315353e9d68c9548663d645e5acaaf035ce2af3eb5b5722119d0c8c270d035396d1397196721ee311a30a04c22a6785297156cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e6810577b3dd93d6b7ce5532c510bbf3

SHA1
1bf587492cc7f9db6acc4bd5d3aca30f774a268b

SHA256
4eaf9e24c3abe13dc39b62118438fef803ab003a584155e9e21c24cc4e79b84c

SHA512
e1f106505a79b8392b272286e3b8ca6d11b9d8c42570b11e8467546c12dccf1e1132ec383c441527aa9c7360b73304e4ef890e034b5279dfc8d252aae9efa389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
acda286517c0aa2da2ffcb622f35efe9

SHA1
8dae0e6d15cedf59e4e60fa2d1ff10a4237454e7

SHA256
035b88f8582f9f4c8d6da951242cfbfb32046605008dbad13168098bf6f79b6d

SHA512
7a03893e60b381938f51da641fa7362b4073845843402a7e08c204f0ed21946ab7aee7e50ef4c336954cdc08f43d438ca04b1d51cf61a92d5d235b983ef9ab53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e07d7e09b9cce54bb3f57300cc424aa4

SHA1
f094036bd81e872e9bc0146b8118732f7d3d35da

SHA256
32122b520ed231021d9eb77f8c7f0d8c3ec185d9344ddb6323060aaa5e2951ba

SHA512
030b88b1c5c332906a4978c27811cf26ed0d4c203c0b3e69adb48fa0e9a8b6abe28436ea6d2a4f858e3e3df6ff5b0db4f233ae79fe3f1597d2f35eba8871a2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e30b942246a3c23a5cc7866e77497812

SHA1
4d5f4fdbbc37f255a6d2cb551f2d4764138539b3

SHA256
f05f1c004d96b3e9b4cc7cf054fd89bc8bd3ce23a6f1231497ce8549db44d067

SHA512
b755415872e6d3d81534678aa03d89aae2a79d348769919da8c7d2b0133cb7e2677b65c19f487483afb4ce340a128be2daac116f7a5c9810e555a8925f3a98c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
36c524f41524fee2e0d2002d53b01a67

SHA1
3881b994ceb772e2b5fc836ce3cc603cf4757c6e

SHA256
d1ef311646fe4a83c0151e80a86f0684a10c401fa0942510cf8c812c15a5fb31

SHA512
1d8b98dc090ab719d00387da1d40b48bcf878092adf482cb45040bdcb650e08fd0e141aa8377fec90310bf0bb0050cefdacaa34556a48a24590173956442e821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21957bf6368fdf1524e2206a8e6c347b

SHA1
90b5bd1ddc0938868c510b714523679d9453f1b3

SHA256
1fc22dd6faab77bea2e0f8d2b13038e2fbdea8ff6e3d7f2b3e42b4590739478a

SHA512
0017e010aa038364054a89cce20ebaf1dcdc2a68aca647a1044a9fb0db2b57c88d76b4325674fbdd55a241c8558e3c7fd8e9c9e138042df50663e092fbeb1cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
41402d86bf907b8123c7bb9498115639

SHA1
2ee5a7b90c39f43773909156aef64a7e3dd348b2

SHA256
11b3c5fb7e53c344e648c85cfff946e65acb3c999c60b2afcf30aa7c8cc9a4d7

SHA512
7ae4f68efb7be2fe8c9b3d2310a807797d0c9dcc2456159382a8f92f4f5012f860a9332ee07e088f939c0c88d1775305d7cf19878e36f3afde7fb3511c5cfeaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
2a102369ffee2e43240229198ae8c95b

SHA1
9f30d48b7ad7f2a997b7cffa7887da7509d54e06

SHA256
4dbb028d50fd44c1720ec9c5619345fa24a0873f98dce2e1c29ee440efd4476c

SHA512
6a7bf1aa25507314247306b4147786afd7a9a00ec8f803120bd7d552097568b7c620691a71ae424b1f5e0291ea22ce4a21188e0ffd1e9a466b9967ad6f845a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
8f04a08d1c20ab7b1035941558e2cdf1

SHA1
6853012dfe9ea06e530a5f0338aba7a866f6108f

SHA256
9df820040517d6cb9853faaa1f9b84817d2445472e37004e8f7fdf5965946167

SHA512
2b80c6f5d65eea1fc15c2c38c94c4130cd62f04d8820533cfb0de75a7e01975589de646f5b002d0ba0d4b626f0853a051ee47b378535c76c0f38a641faa555cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591aa2.TMP

Filesize
97KB

MD5
93ac1ec5499cd920aa33417e9f417f3d

SHA1
9ae2c03484ce1d5b0e53b2082e314ef59c96da3b

SHA256
9f31a72481cf505b414a81267a4d0f544f7c6c24554e335b9a0184ed78dda57a

SHA512
648bd29ebc21031d8ba9543d92fc2edd8e6606d5120d66ded1817a603a01019f1acbf1e22191f890b17d8904ba7db97ffb6b66377b50c30caf2ce7d9d4c74f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit