24d3ba8ecdab77ff61e721d11f2609376d96cf659e69e009fa5025304d1c504d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-05-2024 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

libresprite.exe
Size

9.7MB
MD5

f49f50607c8996a5feb3137f799ff405
SHA1

127364c64b3b1047aacc08f9fa768c9b19fc51b9
SHA256

24d3ba8ecdab77ff61e721d11f2609376d96cf659e69e009fa5025304d1c504d
SHA512

983e56b47d6e6bf775a687947413a1b6c7d0862730cc54c3c3fed4cef440c7da8f87580c61f55ef28725cacfa3f783271e9105b811756b4ac70b8ec1a50da224
SSDEEP

196608:zWFqJQaNzJ7OKwb8gUfuntG1hvT7v2ub6dg4gIiUaZyBfhvq++b9oznImRp46z9h:Cvd+TJ6dg8+v3/DsdO8bG4UFicRjJQWa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591660554146771"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 4320	2156	chrome.exe	77
PID 2156 wrote to memory of 4320	2156	chrome.exe	77
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 4556	2156	chrome.exe	79
PID 2156 wrote to memory of 2108	2156	chrome.exe	80
PID 2156 wrote to memory of 2108	2156	chrome.exe	80
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81
PID 2156 wrote to memory of 4588	2156	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\libresprite.exe
"C:\Users\Admin\AppData\Local\Temp\libresprite.exe"
1⤵
PID:1388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa58029758,0x7ffa58029768,0x7ffa58029778
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5152 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4612 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5412 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1872,i,2948042816566460432,2088914014528328308,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4756

C:\Users\Admin\Downloads\libresprite-development-windows-i686\libresprite.exe
"C:\Users\Admin\Downloads\libresprite-development-windows-i686\libresprite.exe"
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\107dca16-a16a-4cc7-9079-95d743445847.tmp

Filesize
7KB

MD5
b929c0cc953df5f5a43ce356089e6d47

SHA1
862c6a37ec9ac72922a5d5cc4d2ec87e1b5cb7c9

SHA256
436d38ddaaf3fea772b0f30e1dc757f7c041a7a21614ba831becbe11ff625cc1

SHA512
e5ae2a17e6c2c0bda510c82f22ee0ae1c16c0f94fbfdfb0a851264154db2e879477fc6043b030ef8fd6c513ba5e226141495a90cfb4d694aea23d62e3521abe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fad5cebfdcb1adcefa612aa7f900d95c

SHA1
7802b0701365ca9fc4e295a653d655a6c77dbee7

SHA256
0bf70359dac446b88797b075a478c74209ac195af2674811e3622721ceef0175

SHA512
6b7d3bd47d020b81c8908641d3c56583fba480dd5f3edc8ecc010f41b35da2485c0837ded0dd8e97c331a330cbb50a6d8124a0c6e0e92cc9631188c0cf9c32fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ed2bd9b39fd39e9f6985e68a0c09ed86

SHA1
b856e545fc2b7228efcf3bdddff5e39371b2f676

SHA256
bf2b4a4e0feae0c56d1efab95b2d5486c89b86c16eddb61f33b53d770fc3834a

SHA512
54af4fa0084475e2547f58f3f8f27701767c225baed8be84a60cd915fad43dd10e43777eaead3b8e54c07a119f76c722ac082aa30ec4e60721cad3aa9f57243b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9015a0576a9e24f54232e4e5c343dc5e

SHA1
511c22db9090469cb83d48994e8c3a6d6a4423f0

SHA256
14e129b75000715f1284cb4c99cf75d886c35912fd50d47049072f7177700a12

SHA512
42f4c77463401c6db4f77f3b9ca2dde4c47ea52579d1575e6bd8ee2d48ba0d2a2ce46a75001e6b8566b1198eb2e21c29eeac9f6d57bda5bc2c87ff91c7c78474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
8b2310bf436033a10aa0c61d5dda7a52

SHA1
12edcfe8a3b246a7d8886765401713de653651cd

SHA256
d8377485331fae50988f76bb684d3ebc9dcb4c2197ec5045377dc7f72d2bb4c9

SHA512
4d5c901d03b63fc5870a06137001baa70e7837f4b2b8403fd349d304f18c256c93251648851b32e2a83757c56405cebcb15e809f20d8973c2cea395771c37675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce38ba6d0b095d55eefc9d3a4a86c410

SHA1
b7d0aedfb04a07e4fc06f3ca8d2b57e7af2af809

SHA256
3f789cba8c223e0eddc1bcd72e1a1061d916d89dca972f68946cc5aab83d0e2f

SHA512
f9e6e1a25e76d5def271c1d52b2dcefbe3374c4715255f8b28de31758238f52c0fbad85fa9315573c81db023776b933b21015793300a3418e7b5305d0e3be037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c4e4481c3b0f7922ce523957b71fc548

SHA1
e66175873f39ddea89fc7b34d38ea49ea62a6a55

SHA256
c8234d74d5ef1e90f0151ead0998551a82e673a0a75197b9cebb7ba5cf63c1b6

SHA512
1c5279dcf2078f89922553fd0c4988119f3983068ac2db826eafca7a90a9bbd2376289fdc7ec55b543781a2c4f5d3858382932e583bb3dd517e5ff0930a8fc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1e3b1fc93353e6ce358bd80e2fff3f48

SHA1
0b5f16f77f6acfc6ad85625886450c567e4cddf4

SHA256
acdf5201f8ba67244edf60e3b5612c3eed1d40cac26c4df20ed6e4da0b609163

SHA512
861824ded7bf53cbf2213b698f465313ff836d64c853d4c93212dbf341c5914c97e24cc49553b5e5e514fdec4a79e0ed4c55588883daf5a11259bb33c51061a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80f22dc1fb1218bf0a5306002832cff4

SHA1
01d2bc79e5af4d691552de320eebe33a8897eea0

SHA256
2ae16b49ec46886529d806c5004f668a8ed71636ae36b165acdf66691329ac70

SHA512
346a6938d049be68c9d53c12bfc26de83da1c9da563b915fac9cf5f6dfba9435847702b1646a1912c406e34688b00c70819939d427644b1b597e861a4f482a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
97313db8f9d885a395369d048de37078

SHA1
c0812c0fa27c3a654292d75962405cd3a4f30c67

SHA256
fa4607dea7b2eb0e67d38b300ed5062f4773222b47bea86895de2987b9350d7c

SHA512
1a74fdd611536575c49ae622f665adf84633c84d8e4dcaa45ed323eae5db89ff21f0e26f9dfb70bced78b79dbbe2203dc696e571e903a9702d4193e572777ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
208be7d533286cfc652a90e795abd063

SHA1
83177ff98bbba8105efc962ee8ebf45c1ec7adf9

SHA256
89f27fb21d9be1bb0ae79d97a878b48426440698f503d99d1d35fd61fe81cb18

SHA512
6d4cd0acfbb8d8e673102fb431e979077fafbbed43fdf497b57c89cacc2c2766274ef9445a9d20d68af5aa8a99499a1d933a75116f89390d84caa74ae57e56ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ddce0faa-c878-44b8-9920-240c6911390d.tmp

Filesize
15KB

MD5
40c3721a0c7a7e4fcaaf6c668d1fb128

SHA1
3bd199fbcb2a0c04801f50a5dcb09cfa25d9ad7d

SHA256
768811cc1e50e205a2aaff4e2f471edb83da7ab5836dee859e9615e3824dd358

SHA512
6bcf1a68e734f6d0c0f3d2acb884ca4fa9a4a194be6b1afcd7e9947422fb9ba02854250231a20248e1877dee344c275eb876aa7a52e48ec26494c1f1e3d9307b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
2ae124ec03583447b687dbf89ad889ca

SHA1
af186674de593629dee911bdd2baa55684a22c82

SHA256
8d21ee340896b2d4b1d22ef493a4de041c886d81e5f6d80769e78d1c26d41d07

SHA512
0dc03b1b7a1cc4bd59a58b459f50ddca14fe522f7b4c5af93a17b9a00b418535cf3465481dec085a5e3eef5a2a354b5c85bbe74952dbdd84479622b6e375b997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
b2963821278556fb81c388925b824136

SHA1
67e7d506fad57e965a86e0eeb50418187957ed01

SHA256
1913052e4ce759ccb056e36b14332d3a08cc1a59656064900ef6d05953183110

SHA512
300521b5f6593d04069a86f9fccdf1fdaef72d2b25b51cb3142e69e56fc80488c8dea3c0b22d84751fff45e38af2f86821a7ebe20554fbefacef1d3a7123c818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
991c42b72aa38db142427b79b671b607

SHA1
ab381dee31c55c0e3adafdfef47ff29c59340fc5

SHA256
374e936dbf32f6fea7ed692c1198d439d4254f81e25beee17259a026090c0b69

SHA512
9123f591bc3d4fb3fac022f0fdbad44ca8d9065aec7781699b1a300c84ecad42896b08b418a5ac21b087a70b90672e82d9dfc1759fb229215b7a2d93ac02ba4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
3f0625a61fc306224f40e9360eddfede

SHA1
4970a168c188920193eff9b09f78c0f1d02c6d01

SHA256
c9413b7292ae2cc3d3ad70954cdbf11580465e51d63ba8a03bfe6f956f3bb69a

SHA512
62e59b330255146f90926a5a2a9f0070c3ed3fa90ded86a4be2e76fd9b3622495970d3a40951e38d6b296275ba5ff81c4143b35cfeeb4f056016d8d94bae473d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
1c1ddd1c3533afbe5354288cfc618eae

SHA1
daeffe0e0a19696877a3dcf40588e5b01d3c885c

SHA256
9f439571901f63cc00399ac5bef4c1bc4b798ba47d8218e31e5e5e3baa8c737e

SHA512
fe4f981b20c857036ec88ef48e8ce2391e1796c36c4bb433576d535d0743ffffc0c21bacb947a04921f94c038efe5f89ef10c082417a497531a2de82f418ffa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
bfefa784bea6a76e8522b4853ed9dd5b

SHA1
c72174a6f75b453aa351dd7e50efd10ea589b9eb

SHA256
b54db74524a456dc049667c70015ef80bb359407824b76bad0cdf970ad46fd44

SHA512
16cf8c9c72407ed966a5f22407476d49bb6ed57060d13450579fd801b7a65d896788ada1dca2b14bd8f41b3a89f47322dfa9cba68100f222606bfeb9eed719f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
9e725534a6bac0b80dea734a8ec8735b

SHA1
fa4c8b3e73bfc04354814bdc1c021035d8f5fd63

SHA256
f45a1da36293753f86617cc65e192afa202e89ec833bd6a11599a4d2e8354fc3

SHA512
7e3ee51b29f58206f8874c8c557e16c309fb69f72cdef470d112456c51ed2e37275fa1f6ed79ca27a91f7b1710717559c0a4de48b43cbc57c6f1da7c4e533a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5836bb.TMP

Filesize
93KB

MD5
db44d1e0d32af711d80eb8e3de9bd93d

SHA1
7ac0f7f57e4fc8adffacaa442a78b4934811dfc9

SHA256
48ff289c903ea3d687feebd5d4424d08b3fe8b2eb935de71dd39d88af52efe95

SHA512
dabf3a0c49e00e12b7525540b19a49167f62c4401d8154a0f62bc68b07306a0ba2dbd38ee1d4577a6961a75807c9c6ffba3704d1fb4a790b34b4bd2b39253bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\libresprite-development-windows-i686.zip

Filesize
38.7MB

MD5
119e8d91537953e7cab71ae849a49295

SHA1
066caa9ad2d344c4db9438a9fe28ed516792f21a

SHA256
f3c1134416f0948d876da78681364d783bd47cad585866d086f74b9ed97a6655

SHA512
0d2a4d0e00799babd354ef6cb9b0a217a5552e426e3948debde74c4c7f3be86684ff0872acf219af5bd373f9fc668b40667198524480cf9f9324a63aacd9d1aa

Download Submit
memory/1572-403-0x0000000001170000-0x0000000001778000-memory.dmp

Filesize
6.0MB

Download
memory/1572-420-0x0000000072D10000-0x0000000072E37000-memory.dmp

Filesize
1.2MB

Download
memory/1572-398-0x0000000072780000-0x00000000727A2000-memory.dmp

Filesize
136KB

Download
memory/1572-399-0x0000000001170000-0x0000000001778000-memory.dmp

Filesize
6.0MB

Download
memory/1572-406-0x0000000073A90000-0x0000000073AB2000-memory.dmp

Filesize
136KB

Download
memory/1572-396-0x0000000072A50000-0x0000000072A83000-memory.dmp

Filesize
204KB

Download
memory/1572-413-0x00000000732E0000-0x00000000733BC000-memory.dmp

Filesize
880KB

Download
memory/1572-419-0x0000000072E40000-0x0000000072E66000-memory.dmp

Filesize
152KB

Download
memory/1572-423-0x0000000072A50000-0x0000000072A83000-memory.dmp

Filesize
204KB

Download
memory/1572-427-0x0000000071BF0000-0x0000000071C05000-memory.dmp

Filesize
84KB

Download
memory/1572-426-0x0000000072780000-0x00000000727A2000-memory.dmp

Filesize
136KB

Download
memory/1572-425-0x00000000727B0000-0x00000000727D7000-memory.dmp

Filesize
156KB

Download
memory/1572-429-0x000000006FAB0000-0x000000006FDE7000-memory.dmp

Filesize
3.2MB

Download
memory/1572-422-0x0000000072A90000-0x0000000072AA9000-memory.dmp

Filesize
100KB

Download
memory/1572-428-0x000000006FDF0000-0x00000000716F3000-memory.dmp

Filesize
25.0MB

Download
memory/1572-421-0x0000000072AB0000-0x0000000072D0F000-memory.dmp

Filesize
2.4MB

Download
memory/1572-424-0x00000000727E0000-0x0000000072A44000-memory.dmp

Filesize
2.4MB

Download
memory/1572-397-0x000000006FAB0000-0x000000006FDE7000-memory.dmp

Filesize
3.2MB

Download
memory/1572-418-0x0000000072E70000-0x0000000072EB7000-memory.dmp

Filesize
284KB

Download
memory/1572-417-0x0000000072EC0000-0x0000000072F7A000-memory.dmp

Filesize
744KB

Download
memory/1572-416-0x00000000730E0000-0x00000000731ED000-memory.dmp

Filesize
1.1MB

Download
memory/1572-415-0x00000000731F0000-0x0000000073202000-memory.dmp

Filesize
72KB

Download
memory/1572-414-0x0000000073210000-0x00000000732E0000-memory.dmp

Filesize
832KB

Download
memory/1572-412-0x0000000073450000-0x000000007348A000-memory.dmp

Filesize
232KB

Download
memory/1572-410-0x00000000734C0000-0x00000000735DA000-memory.dmp

Filesize
1.1MB

Download
memory/1572-407-0x0000000073650000-0x0000000073A8F000-memory.dmp

Filesize
4.2MB

Download
memory/1572-411-0x0000000073490000-0x00000000734BD000-memory.dmp

Filesize
180KB

Download
memory/1572-409-0x00000000735E0000-0x000000007360D000-memory.dmp

Filesize
180KB

Download
memory/1572-408-0x0000000073610000-0x0000000073647000-memory.dmp

Filesize
220KB

Download
memory/1572-404-0x0000000073B00000-0x0000000073BD3000-memory.dmp

Filesize
844KB

Download
memory/1572-405-0x0000000073AE0000-0x0000000073AF1000-memory.dmp

Filesize
68KB

Download
memory/1572-434-0x0000000001170000-0x0000000001778000-memory.dmp

Filesize
6.0MB

Download
memory/1572-455-0x00000000727E0000-0x0000000072A44000-memory.dmp

Filesize
2.4MB

Download