35b63718a69aeb066b873e0439d29d9c72220fb8d41af52f2c872945aee245a9

Resubmissions

01/05/2024, 06:42

240501-hgjfjaac2v 3

01/05/2024, 06:39

240501-he57hsab71 5

30/04/2024, 20:51

240430-znhk9afe8y 3

Analysis

max time kernel
316s
max time network
315s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TUI 737- MAX 8 MAN.jpg
Size

43KB
MD5

960c670e5f264fdfd32bfc2912a69154
SHA1

cc4f65846d8e30a0c7524164fecfd87ffbe24ece
SHA256

35b63718a69aeb066b873e0439d29d9c72220fb8d41af52f2c872945aee245a9
SHA512

d5fa59dd7c255bd9c41a61637418e736412e5ea1ac395a20d6debab7ce0eae7d75daaf34443b35c192c1e82fbd02f62723b257bcf94d4dcc66e0d590356d2ee2
SSDEEP

768:z+Jqv+vbEgzKTa6U4uGVqtS8wPCaJQ19pwPn7RMnPJN+jsDwgNx35qA7:z+oiIgZhs767+jsMgLp3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589839412018472"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 5052	1700	chrome.exe	91
PID 1700 wrote to memory of 5052	1700	chrome.exe	91
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 632	1700	chrome.exe	92
PID 1700 wrote to memory of 4284	1700	chrome.exe	93
PID 1700 wrote to memory of 4284	1700	chrome.exe	93
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94
PID 1700 wrote to memory of 1160	1700	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\TUI 737- MAX 8 MAN.jpg"
1⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e20ab58,0x7ffa9e20ab68,0x7ffa9e20ab78
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:2
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1780 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5008 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1572 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3260 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4800 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1468 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1032 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4184 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2008 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1872,i,5397392799323472652,10437384497958842219,131072 /prefetch:8
  2⤵
  PID:3492

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
ce88d38b1622e20fd06d9e763a430d76

SHA1
85191c4b14e6e0b6c923510c64744998d6515574

SHA256
67040d827f073889510e6166ae1c76717e3c51b7e091495e48707d1051725a75

SHA512
2270350c6c220aa295ac61eb64e346ca03d78e7f2416a62af994533698eb93cacf4b14a95f44b0dbf21f699f17eb2e34f9f5cbd8a58877b45d620fd2b20691c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
20aebb0c3e7114701cdae6882900cc08

SHA1
424c8e8c93ca8a1dc48e650c6016cedeb889866e

SHA256
598f336707c0596d95a43724d207def4a6275f7749074891a46c3139b3b18375

SHA512
8a2c62e7b7b7e0c666ff647724231a29b78ff952621c60ff88d64088c63c6cd354f4df1b9a4e000548419f7e13ef536af806c88fb51b252521d0b527c80074cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
3fb01a0633c5b269f2194c13cff9589e

SHA1
42ce46ca686fa383de0cc9f61692c98e432a5b98

SHA256
cc74103b97d6c686040b2b14713cb7176d8044049ed23e344f81062ee58ca0a9

SHA512
3a23276b80632fea6f9199d4209da12cf2eded898d77845e88a64950f1fc330599eaab0e71b523d3afe95e9cbfcec8ff2dc59b2ed9ec68cfb847ca06ae54e838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2e5d3590a7edde57f367bd2b1c6f6911

SHA1
91291b255254564db1e5f64e1a629f8db35e1acc

SHA256
136490212e1697e7d90916368c46f7f39195d00a6dedbd9a21f3c97e033d904f

SHA512
2efbc6707af777ef7d73904bde8a3569fc6f8ca60f4311421eecfe08a50e8d624cd5b2d0cc5676f5852bebc607f1da13fd303c3449cc27fd52891a057b6801c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
039d5e3f335d14d5a2260d53d993d820

SHA1
6a6de1163e84c2248f0bc527be94209afea8966a

SHA256
f21b30b68c88b55732c337392922a23e16842f90c9409428173becd593b48fdb

SHA512
35267f7508d55ce0027cc39c15ad2b24c8946648b57d6bfa0fc5c572657e97ceb8911354cd6aea1f06a403666dd299313ed38f72feb63000f501bcd545bba7bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
199870b71092c5f6eaf6ec2c89952b7f

SHA1
a3c426d010233f63e5ebe83366ca65f1411ca8b9

SHA256
e775f75db5bf3e06a797830a4148d96632bae78060538e1da94e8a26810f20a7

SHA512
c02e2224659b7d91ac16fa4e4680dd4749474b72663675981e311489615aa58eb0afee55c0a9d5a5aa2afcbd11ca05f6d86eb18ac46ef3f447bf0f548aed2761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
95a11cbf30866a324f6c4d2ee59c5316

SHA1
ba8b0d9844d9a2ca4ae1a327896701d2ba1dd80e

SHA256
d3cc3e6308a90ff9ac458a13b2b56e4ca7548c6806a0fb6128895079a619e0af

SHA512
dd0a5868db90f9a08f556cabaa329c247484de3986c97671a35f01b267ba6e94ef4b673283f5d7ddae2b8499d4725f933630e3030842ae8be296e6106c1750de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
bde2631df074927ca6c1b9580b1152a0

SHA1
fa5cd44f082a44812d3b94075504e13069b785df

SHA256
6af31dec2b052c0ab7ea39d3cfda01a9f1acbd233f9490ddcfebaf2d81a9e939

SHA512
50a77bed9a959f744273c030ba19fcc953923cda1f6fbbe195414c3914bf7e6a569c7afddbf22b038a3476e1f88fdaefc05bfe3d4e51b5972bdcb81304a92190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
689f23a642b7d43062db700f38297c81

SHA1
95a9ddc3da72d1468ecf7622ab826097f394014a

SHA256
a06e3f9c6babbe20f07398c9fdb6c291c4f10227fc77f9097b01fd4b6d2e692c

SHA512
58af016e59f03f6402c872a2eaeb7cacb9e1b11635a6aaf2a1de64bf4c34f1be917be54bd1ab2ca83d3b7024e54cc9863d023d210c7761bf8896d7e1f97fc799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
102bdd38fd32016bb15605bd2a5f7aef

SHA1
8d0e166f6feed371eab76da7f103afacd6f23e05

SHA256
1a6b021c9c293ff211de9288a274717424ecb128edbff8b2d18e6b6c47adbeff

SHA512
39ad4750dad2dbc9c847c1e0c013d33a18f5432933a2d17c893769332f3ed63afe2bd9eb0b88f5ead37e1657f29ce9d882a629eece45f0d9240696c1e4b389de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
79e56f76e22a699cbd7d1dd8e996a2ed

SHA1
7c103778b4856c02b81108921819c1149698f832

SHA256
ba232b7f829df4adaae794126194194c7e2ca28b1d266f8f9c6b00d3780ac3d3

SHA512
d9f0be1210d7c3c5a65a1b2866dba55eadad5164a1e4349ea136faf2e0c469d11d682287ab8fc67cffdf5279e3ba99ada8b3f5b870a65396cd5a64eb6b585788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
1d6616bd585bd666450e38d7846d1709

SHA1
fbef34b12aa9919f62a0445c94780d38f6e54558

SHA256
18840c7c34020f3a335200eb0a59296d8387e452b421c8e7f584051e7100edac

SHA512
96e88b590aeaad6a753983a98a26031974e5cb3b01c169d511a11570dba952f4c2052c72df39d114823d0425bfe0b2a50180294730997d92c28ca617dbf51024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
7592559d30fd0de3ee9b01d23b14881f

SHA1
5828b7739b75f2d055dbe2bda13aa9fc6dacbee8

SHA256
86b92d65124fe50b871187620c3c0121a767f92750e8cea759277161db650365

SHA512
b726a9103ed4fd1e1fefb62fcfa59464f08abb3f19a4df6c3d8a815b099137b014e03b5095e5569486721aa79131100836fdce51bc514858d5332b26f39b6423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
14ce6fc3239de8260d99249517bda4a3

SHA1
41feb0ab4e9cabf5dea93b4c79436eaf5dc22325

SHA256
44289dbc1132582be4d227575cda0ba852f4bb2a4a28615011fb8a5dc6c9ee62

SHA512
44dbf716b9fbfa7a4f7e951bb5e316f24da79d6f788b9676d2d86b2642df4d1ec4e843e1d358c4acf64ac969b36120bcd648df249b21a5b7dc7a132ad40b4208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
7c72f9e12fbc751dc45c80f7bf1f5a53

SHA1
eb45e8a219735d012ec82789d43ab66d45f2204b

SHA256
1c141e4a675983e3fcefba90e9eada86705ec360dd833d718d303630cfe58aea

SHA512
10e737bee9cf78159a2ceaf3b9782cd4bf9ab96fdaff1968e96c2fa85354d6697848d64b5b6a259e279fd1dbd0a135f9f0499d68d004d2001cefce9749c64788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0b734e970a86b243994a314f30b051a

SHA1
c3b502b52c91bdec8124c745320e7847527ef6a6

SHA256
9e61e1563fe044bf37e439de8d5bf61b42b687bce3353fc59ba7a30fb4a73a37

SHA512
9a4685e7b2b2cf39e84924f86ed11fd916201d1bf21b1aad3b30c7e8d5c48176f624a3d0fd89fb741bb02bbc0ba6d8cead2dac4ca4c15619df25c23557ddca8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
1074a23ef04534a1fa4062650dc64652

SHA1
010b02b0dd45561134ac4fc6e24413e41f925050

SHA256
9b3eeeb68ecb1f79ce8a18057bea5780c5a28d080531bca680d84172a73c0b7e

SHA512
c6cbd6e9a7150ad56a3b6acf231bf1bcd8e63fbf94f6520b43d4b7322b11a0d39b529e713cfda70921fb36b89a537a18026c43e53d23719cd0c3c9e5c96a87a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a61ed2ab-ebbb-4a47-a3f5-e4844f5db6cd.tmp

Filesize
689B

MD5
5be19d1a3971df0be898c4b096dcae17

SHA1
da559743e85ad0f4d8aa21189698663d8479e881

SHA256
71385c7cefeb5bc9fd99d64b936a8b8806619383b3e2b0eec88b578680ee83b8

SHA512
3b8fffcc7edbdd76e482e89120b3a1f3804ec772d1704a8b9d6d02eb83ace484fd210f15a0154d05ae41707090847bdc264eaf08580df476b9e2a17a93579b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c5372f44-153f-495f-8c56-0d2876ae3e7b.tmp

Filesize
689B

MD5
3017847155d4e95779887a38087cfdb5

SHA1
f2482bb15de1eddc89116d3f9c7050bac91d1436

SHA256
0d9ac00965b79f192c0c523b9ba659e0690312b0b0bf465bd9510d121a1320c8

SHA512
0005ea0c483688eeb9a3f99a55a9b393c5e0080dde282cad8be955ecf48679ca3bc688a997532c12bc3ad0a58e4c8182a04bd5d98ec2f46aa47c73aee634a493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7dbd82097a18c56b6973ae6339464d09

SHA1
f746b944d82724401c1836e8dff15428802797be

SHA256
c9f45aed823b421762032600a76a150b4e4bfe9e3ab63780f6d2c24327b16326

SHA512
d5efdd55e446a6ab598cf865e12d65b2e1a4a3296e13596b4f38e3fa5bbd8922f28a967a161c861abc686c91f51f469c1b162ca7a5fc28ef8d72d5802174fcb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
447c37889c2861a5d08d467efc01886c

SHA1
2a4380135b4be362f8d5ab16273d907317a915c1

SHA256
ddb8eae0683bef61760d677c4083a9078bc6c5b90bc3b1c2e42396f1af342170

SHA512
29dc31dfdd3e4c4f9c33b7d13915ae5877387421cab9064a56895859ccaab45f35801bebc734723f9dc7ddfb6c33238c7e917af86ade480001c05c078561fada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d879f17683b8c6dd9244bfc05672bebe

SHA1
342ddb71498c228b10ca9c241f7bc0f8b02d12d2

SHA256
9a7e7bce7551d4183bd577025a06c7c21e0b8f6385ec11a7041095980a4b7cba

SHA512
e63f4d772c24feff220d5a2707eb9f0d83d302ae4ca453794cd2899d9d8491c54dccc8fc335603a983f2033b27ce0bf3dcec3c8d3ad2a201fb02bba4ceece7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
952abe61058c396d02a38d3b0d1b0d32

SHA1
a1b63eda920c882df3adb3e8d8dc6d5d82785d43

SHA256
e14b1043ec10a3f4b87f2c23f2fb73d2f6fdd2532ed877cb8ae11aa730c59d88

SHA512
69f3d32a64b28bff9f4d39cdf651958e6ec4055386b05625fca292fc1b7d7a25ba322c14af4d5380ee498767bb284585e4c07f74830c797c9f2bd54c46324592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4e67ff5221cc0d43e59bb2e165ba062

SHA1
73850ab3e508daa437278ddcfa740c58036192dc

SHA256
6d036442af94f717216df31f0a8a6901d1c9850578fd1a666e39a5079dca0f44

SHA512
27770ca5f4dfc912f8796116ef00946f4c578f5fb72ae19ae650d0aace3f89935cf2a884e1f26295b44de44e9440f6bb82f5ea7da0e2873a181214046b5d287c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4f6d58ec78ed2a65d33079b0971bdc66

SHA1
b1c21ce134f0c2e724273e23e73459aa59fd79b6

SHA256
01252a8ac14c4e62702935556c598bcdf9221724956a874090ad5e6679220c0d

SHA512
1d29e624c9b036718ea3f5a4177e5b16f93abb1e8cfd83661f42a6b13de14c77b1f551fb688703a6b31e7c54b005ca70a0e653213781d220c5283bf8951d5220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc5452c337f9665a87d7b07a88035201

SHA1
d93e77d205073133b4ee2e305f139923660fa782

SHA256
1cb9eabb0b09bed61d9ea17824adabbf4076441cb7b5bbd8f44ecd3224c288dc

SHA512
9bca4608fed4b196156f3425cd7d77592fe84d2dbc9dff2e0b5dea163753d1dfd18426f2132312e8c377c45b9fd3d298e494f17f3ed18c78a445aa71983edb6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4045115e453b9ed10fd0b7dd9157d03e

SHA1
fc6c02ff808762780bc082ce02db5418c470c566

SHA256
b9ea06262774ccfa39df610a0b7430cbab5256556182b4f19ebcedd152d1dcbe

SHA512
cfb0271b7432de43a4b095a753dbf4ebabaae31f16e65f68fef0d1776df0a36696d7f815ac50b87d6213b22c5d5c02f67dc694816f7a3eb8c03e2881ceed9c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
91858cd844eff673efe813f3bf17651b

SHA1
96b0c158a29b8e7f0b1f06e52ea3cee01c14569f

SHA256
e5d06640671b0f62524785d3bf38396b808ee72e8b0524636bd6d1e56eabd15e

SHA512
40c294e97e4c18be717cd5d68a8ca6bdba46039641eec07494c717a0c712b495a10a9009fe051c9948b4988adf5090e759cb16f263b6629cd935d6a85feec491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
a2d650d7da98de7a1519b1f923bfc562

SHA1
84de648947d25f8159ad156bbbfed41a2f0d3187

SHA256
fe3dbd62256cb6b5db43acdc8f5785aa967ec32459428e2bd563f42e0ea1f10b

SHA512
5636345c448ec276ab74211998f9a8e34d7c6e2802ff6873413edb679d56646c173b382206d08608ce467a19a7bde0adc3b47a8c1b74fe1ef0424e04ee8f6082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
4e8cba0c6cd611d871e2eb7d99da8896

SHA1
dc36fe4691f113b8041239d990169440e6786a15

SHA256
fd3f8452a9010f5fe3674a62fbf47a0e6fc155a0ac2655178f6921645f4bcf01

SHA512
7e7c19d8155367e85065f11b7f76e293f337428fdead17cc5b5a9f81483db6f67d378da414be402dfc0b95380dd2f420b73f2423865e43616b40df0141f51bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
947e55ebd2395942a1e3d2144f9eb5fe

SHA1
7a62a4145ac70e49b571f3dd26ae5bf943942b60

SHA256
ba281e5e360d3f264733f3b615f14e82daa6bd694f64947f2e1cf072797f6d1b

SHA512
42c17b15d948313c55e4f9ba8f631871126b2e90c1330dd4f6f045fe8107bc75af382cb54efbf6f46ea3a5fb4a50e85cd12075dc98f2f02ff60c019cf3100a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3c0d02750b438770ea74e09fc97faabb

SHA1
d10cffe5901da1ee46834e4a0c85f756cfca87de

SHA256
2db36ce7eb29ba1f0e377c992182b38cbc226c94430d8789fbd423528a255bf1

SHA512
dd82bd9eaa65e747d910e15f05bf9a11d1011b56581c1ac6b5d16563b551a0df39a6c477b5e93959fca53242dfc546c57b3324d6249fa717bc5f41f7a6596d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
46fca0b07b7272ce411b33444a531ec8

SHA1
955456cb09ec03ba9f4401864798f277fdd177cf

SHA256
df1f3e9e7d36487f990391e60af6027820f03e1d54848429e2947259195087fb

SHA512
558b65a8e1b161dfa401ebd63e703954d8777fd82c0db4157aac07f3a74aa2759397eb12763d591f07c10cf66f9c88d7ddb77fcb2d00f9124ef06bc472c5403f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
cb17d606ff2f7a573f530c1fb7c1800c

SHA1
09b184bd91614bba480c8dbc0870ae988e833d39

SHA256
45617808bf8a87e1954a93c9eac8a81e1d585986dde030b7257c1c88b92d0a15

SHA512
e7dbbf5c133c72389db2768350888762bb7243f9ee3022c52f412c7d3dbe3881a717c6800f8b95c7673bdb323d55ede9f994d7b38c8e04744c51ce63c1606578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bc58f.TMP

Filesize
88KB

MD5
1049cf723e4bcc038e597ca3a0045147

SHA1
a4a913c207108d9399f8414cf69664244cbb0cbe

SHA256
f6d77122838682602803cd8f894b620d1f4880d09ded0a5b1776fba8dc6a99fc

SHA512
1e5256a09e182eaf5eda73ed35b73cd5a7400f2d7b9516363e1e6329d418c90f640f854614a54c4bb8c44295d5c41a3933cb83b8db032d8af1d91679d88ba7c3

Download Submit