cae4cc4ba00533f1e34c41f1b4352956d1030a027fdfe98a45a65d81922d0da5

Resubmissions

30/04/2024, 20:37

240430-zd6v4ahb82 3

30/04/2024, 20:26

240430-y75z8afc6t 3

30/04/2024, 20:20

240430-y4mpgafb8z 3

Analysis

max time kernel
594s
max time network
595s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/04/2024, 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-15 08.55.04.png
Size

35KB
MD5

9dec70c3c535ced956218aced361b022
SHA1

e6bda0eb9de539a0b7263cf9ec57d1671611ad2d
SHA256

cae4cc4ba00533f1e34c41f1b4352956d1030a027fdfe98a45a65d81922d0da5
SHA512

f8f1b1bae9c5d537c5b5e3a9350a62a0deaaf364b255028caf14c9ac7b29a106f485a19d43e782a6a0b01a9b3d7fea9eecba39d77449279d03ddd66725b93677
SSDEEP

768:fZRgSWMwHk9TU7hE27+NbrUUlAoqo6yxaTL4yQ3:f4SWMwHk9w7Z4FllqP4aTlQ3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589824376646107"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe
Token: SeShutdownPrivilege	3888	chrome.exe
Token: SeCreatePagefilePrivilege	3888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe
3888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 632	3888	chrome.exe	78
PID 3888 wrote to memory of 632	3888	chrome.exe	78
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 4288	3888	chrome.exe	80
PID 3888 wrote to memory of 1568	3888	chrome.exe	81
PID 3888 wrote to memory of 1568	3888	chrome.exe	81
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82
PID 3888 wrote to memory of 2368	3888	chrome.exe	82

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-15 08.55.04.png"
1⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa640e9758,0x7ffa640e9768,0x7ffa640e9778
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5388 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5716 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3368 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1624 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3764 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6048 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5476 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5536 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2096 --field-trial-handle=1836,i,17521366029810292121,13060448111151658376,131072 /prefetch:1
  2⤵
  PID:508

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f2f75dc8307b90b43c1476f23ba40ae3

SHA1
41ab90dcae0d86f593592efa957eec3fb70930e4

SHA256
f4c2022af313ecae8a6a4b8f9f86ba3d83a70fb32b7af6afaedd95efd063b1db

SHA512
ecdffc6ea82d37f7933736850fb43e9576e471e8f29a956b0320d9654f2b9a3475a53925115d29712fda3415c2cc1e4c49a3337770b0f40f525783300c41426f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
45cd7a79b2d75a423827b89c092b68f0

SHA1
6c59c81254010412897d3fcc0b4d23ab071ea84c

SHA256
4acf8c8a980f4c5603b77998b748e1f19303bddc14f23bfcadbd71edbaa5e6a9

SHA512
50ed9e3adf9437eabaa1354145cef0c2f1d3d06e5a4a3dd4993bd5f17b3ff817ce2725592fea8754af7dc7073f787136ee008feb3566845d95b43616574538bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
b78d0d9ddd9b8d7de34ba7ced99e1f50

SHA1
b0475dbaa62781fbbaafb0fd81d7e877c6be2ccf

SHA256
015d206a8de797f18567b0847bb1d371d38ffd59a22e3eaf38f1d1db0bbc57b9

SHA512
28e3b7729334fcd57f242487133ac9cb30797fa3241167befebbafbd45b0ae276bbf35608806258a6a5cb9d3c9d7228e0e1557e42d2b8447282d8a26d74f387c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d2f1146c6530662b76f29c6b50c78c73

SHA1
a89808dfa09743519e264c3341d9b03e37088bd0

SHA256
5ea82bc3309f3d4dd07c513287e1bfa974b5b53623cfbb2e0b72e7a2ae648ddf

SHA512
0518c4ce5ea668957a74a8ee6805699b4b019c5df4e7a8bd89479dc7def637b6d11d6dcde6d9d144327d9f1f795341c93d1c683f1a0bd6a2ebe92cc51d959306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7ad575888d0f57d720fd5e9f82d4a337

SHA1
9d1552b159f8899115dc21a8b70049de3a299cef

SHA256
2f8f2f1760c7b58036e3fce6d6352ebd163909947cf23da1400447358eb9c899

SHA512
aeaa38e584b12197301b55e0ce172e8147e930059a2f240a1aa1bbdf59b1329d41c6dcee620677cc3e24c412d9eaf6e23e0be6f8c14bcb81d84c6465da4b8348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b4bfb56cf12f6137c809c5a7c5e9c2c4

SHA1
8df1d312fa86100193d85a3e94e931a4b469a2e1

SHA256
7441586e2f50106935cfe6c7f94ffbcd8e381fa0d92c2e48b4c0c0327ae23a8b

SHA512
84af5e2f96efa92ad35e4ec4010841275c35b44b1610130d7e401c99fd95c71dd01eb97600dd91f0a5fc46547bc63c1ff1ae42fee8ecbc8a713b084c18d36b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
50a5c0607233cccaf34e311ede564d87

SHA1
3d93d11947e50606b7d16fe031a8b32168cac659

SHA256
f20a73454c03e7326abd8ab50d8d8065074176a66db595ddb7c2669a99916238

SHA512
08ca168b45b8b702b51f8820d05f9b5318bf6d30562b52644b9490ee5ce0600a9a8f764ba519d16b9018da85b28c9b949e0614df99622374e6777e464cc5829d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
2b047506b440b93d727b349d47fa18a2

SHA1
8624c1278620796b1b28aa1fa77bb871bd542732

SHA256
8267c98dea4fd87bfc24e8c1c9da837343b1f16651172ffee7a92404b22490b3

SHA512
918ccb76f1329b5318ec82c7e58454528b16e9a03081e70b20fdfa9efced9f84d0e95043997bce8869b70f331ad224fb6eecded0437aac38410217719fb66d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ecac4e504f1269dbb9026de1d86210e8

SHA1
9869b5ad323cf7e3afabd9e26027b681bdb8179a

SHA256
7ca8929f881256040d9b3cce6069789e4006ae9052c607fe10de0aa13ce142da

SHA512
fe025329e324fc0b8e1be7fee87bd7b59f30e1d1ead846ed9704bae7e068cad45328e041d5f37921dcd2a1c381daa531b52361fb4ccc9e9090a638070d93b31d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6612b5cc373d47c930470b0e652ac368

SHA1
da67f731f5c3d43a2f2c7c59ca54a605659d9751

SHA256
70223b3a59ef904f0ebac126b15784b6dc5e8062843e6b9e1d566cb453a298b1

SHA512
f1b8a8bc5eece444a165d61a2c726e5e1ed19c22fbd46d986e084113f47e68fffeef79f3cecfa4adf2b1f6ab7dd1eec5fc577af8a683fe9e649527a933058c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2b18dc977452715e8fe2de0fbeee998

SHA1
dcef96299fe723a850b686f71fe92ad16d25c699

SHA256
1e027a52fd540fe0801005ab6d44bd20a125139838249f0230d88d5eb49eeb76

SHA512
7ab09088beeb3daca30c89ab816ed0a7f5d9135c2aac589aeeb375c1490d4d5bb96998eac270ee65eee62f55df1369fa4d26cb33b147b652a368c555c2fc089b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e7d079ecb7fdc90e9d67db59fee94b3

SHA1
19bf58271b6199785755d84c5054405085e4add5

SHA256
8c5c461a700be4b846d2bfa204e2163b2e364f50eabbb3001f5ec78e6a03c992

SHA512
e4a4bf5da19259672ab18453080bb84ba75f5e25a13c696b6c82325258fec688baa8bc74c4ab458b35ead95d9dff057e0a14e6c53a58b503cabf50d1fcbfbc92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed8c3f5b02ac25470d1339cbb566dc40

SHA1
0cb9a2cadd1a9e963bac48718de9fa339bb1d1fa

SHA256
1a22835f1e0727be9909a93cf3b42bc1de82b467c17567ea5afa64490a5caddf

SHA512
bacd3cf478b4caa9795b99039ad6ac96c8d964425ef44f5e83b949e7f9dfe9d0a948968e649985d2d24ce0b18cec711e454fb49d798c63727e879fdda90fc60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4423d3394a6f549ceff4dabc54d8873

SHA1
5c627baeb3f9f2aa01069511aac204caf0034af1

SHA256
17980edf1e6abee05d453dd8182cddb6b9b746a9e9a77a3c3ec764bb677e79b1

SHA512
9c6df3d32c1df1d8389b22272886297b31bac8b1089fef75bcc82230bd33f7d30401d1101cab18d29c1957c2eceee315efdc1bf7713afdc50504f9e974b8f36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
edbbd336e8460ec2c4365580f9649a25

SHA1
2c790ca26e5c5e57b65113145e5c892fd0e1e93e

SHA256
909509159bb02a1e758614e9be3acf884ad1ba18c351a264eaef3b3ae02ad8a7

SHA512
b08c1fe7d51e3223a205eadfb89a05d05fabcf26ae9ce913896b10e149fd57564dd320e13064ef73b17b5d8f7d85169ead2adb75b8a3af69f1a783d77d78ba5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
829d31827f69506452bf78eb6e10aafa

SHA1
27d076e3561769d6f2221382f26ad6f93d96449e

SHA256
aca96f0150ea4304040eb9d0d6428badbede6f52d017ec64c80f8577b8099505

SHA512
bab2d3a9bd6afd89f4c1ae8fbce884334c0a0c2d846f39a2c31bbffa2b7630dd58c32f6da050ea299f803c747b0c980e8bf20256bfb2ad9b8a3f14ee551b4430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e7a091f7e4b936a949a2392e9b9eb0a

SHA1
c2545f7a7871a64d0ae8be9f74a99dae7a197559

SHA256
112298676564bc05e37629278f18a78a24091e7a6079a32295de2a9195084b11

SHA512
ecc0a4a6a9eaf3bd92ef3b272a0cceab00436ff386b3e420011940fe60ff57b732d47f6ec6187b0b830827f5492236a396f64021ec215f7615f6c7c067864f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be7b2ce4cbf4c671808ff21777368538

SHA1
2462ce2a4079c0a3485599ee9181237bd33a3128

SHA256
82635a860b93d353ea3c78d28915703f88aa53ddfa153633490d9a71db929ca8

SHA512
8c5b663647b915f380130b74d404278f1abbcfa6f860105768373fb896caca2567aeea713397c101f50e8943f0b08c8317636b4790e6e1ec52e0d342c00bb997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9f209c6f0848fc189c89dc27df70ca6

SHA1
e509e1daacb9f07b231a381e138933352578b4f3

SHA256
1a1a7ee09ec474a14035a9fb9d563574106e0f4290b0ddd58f28a888d4f63e32

SHA512
50a82fd29cc49c20722f4a77797b1af7a05ea52d657f9109f0b569772a560721eae59c756e101a320ca2cb7db3d3fc5d5f25eae7ca36ce56b351a342e255267e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2c4f467491c27f8af1b00af7d86a35cc

SHA1
2994dd16e6f34292f1ee1ecab7d347321245f109

SHA256
25b6679792fa4c6a3681ff712548272dd38cb75cf28419230490155496973a0c

SHA512
3d614754ff387f3ab988ebfb3cccd59b91395ffab40e65c5acf5f79a3d4d6df69cc2678c1d5513df0bc03bb932297fec68b5c76735d381f7ce181c28dc1ef95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dcdd132d3b6f949c2024274e8e16f6d8

SHA1
833eee1a5aa6b26d238500390db0d81c5bb840bc

SHA256
d0d2d84e449f7635ee5f7f8a75bdc0cdbfd2bd3ec7e34d6a04a818f66fc7c3cb

SHA512
5afd7a80cb2579f8ecdad08ee6eea690cc6e346d0329ee958f70aaf45393347446d20b731df8badc760e96ee3ac600a3d1bb098ba1f1e780dbc9b67764c111b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1605328c0e8df9faf04e2ab17263cd00

SHA1
f6f5f983864a98eec91f2f774c5bc7c27b09c1cc

SHA256
584c2e455908385e02c10c1ab80d9813111c25b248f046a6f344bf00be2b1f2f

SHA512
be102a65120d12f6ee794fdce20a3aa13a8c6c0f43f5effc808baa910f36e1fdabd66318d9a6d77599c012e922637d7d22119e02320f86d3b903858fb39335ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
3c7d3071a4572a44ad083e6cc73aa4c1

SHA1
9d186344f7edbda63d8e34ba1b73c63eb2e92a8c

SHA256
2c8150e0333f962cb5d2160fde488211611f8f8f5f73fe0b804d06de4a9f7146

SHA512
e4b10cd21380ca14ac5ea75bb44f14b7c4148b25771a4f7f1eeb1668670b566a1b9c7d5815f96d859be6614b07b9b2ddb78fd3b83046984eda169e50ff78e9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
4cf351e2ae3d045d27a1c1e7990ae8a6

SHA1
b55e7983a4058256a62a4cf4a4b3ae64cd2fd222

SHA256
5a748a4313c17a33b0e39027c7b798a1cf770ed4b77202d29cdb23a2107e6c45

SHA512
664354b398e136946b3b5c8794b9f10b9d6179a2ecba1386b3d1b2773920a8a79a8103fe072adfece8ea9212d7d89a1f437031a6efba3585627541b73b513fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
207fe4b845525e04c66fa5b0fc3e7619

SHA1
3cf3ecdb1dece9cd5bc8b0c376a4e7f415c82f29

SHA256
be5771ff99903f5706ec00aa46860a204a5976ae7fa26f178a95ecaadf694134

SHA512
fe0942c403808b5310a5c302d7c15b1b0481664a9dcc5520c768f13e675dc4b8bf7bef87657ff21d707cfe637029147040c002a078af6448cc388aa95c311e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
cbc34ec8750eb2a66557a3afda51e736

SHA1
6692eca317bc8ae021b9a295a5f0512404b3e9d8

SHA256
eecc8fe4888b334315f7584b4fb3ce8860461d644a2aeca0a89245b386124b29

SHA512
88f4fa4a56990e42a3feba86e52ca268e7bb1a6bbc0bfe28be7a858de8d17cc83b8e12fe33d2b273a0e094154b0d26d0502abd487f1a3a54c055030ce7624ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit