xmrig | bad303ed2137a6176cb437bac01791856e8d5d89698ae72d7e3d4601f94b9cb1

Analysis

max time kernel
240s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updater.exe
Size

7.8MB
MD5

87beedbe66a91619f1a4186ef85e052e
SHA1

9f9b24022d0ad059fd24a2b9c94cdac87a399184
SHA256

d1ea28dee35382c510a49e4304ed7cead25bcee5cc869c73c9c53f333139e060
SHA512

f91a4d29d55b990c568eabc51e685f054f6d2a5fc42bf0f8371c435f521c752c9dc582ec0a52d98a03253bc6b09d26feb0a9bd2b95dec55403ab73374b9e4cb9
SSDEEP

98304:P+U9oUzsxBTVgMY9Sh+a+XkHzrkg8wBYzS0XMqdazDU1Cf1bkUTktjT1/TW2L8mq:EVBTTT/Y7Te1LWZH7lDskNk1ws

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral6/memory/3672-1-0x00007FF6A3D50000-0x00007FF6A484D000-memory.dmp	xmrig

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595825271563121"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4200	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of AdjustPrivilegeToken 57 IoCs

description	pid	Process
Token: SeDebugPrivilege	4200	taskmgr.exe
Token: SeSystemProfilePrivilege	4200	taskmgr.exe
Token: SeCreateGlobalPrivilege	4200	taskmgr.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: 33	4200	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4200	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe
4200	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 1168	3860	chrome.exe	111
PID 3860 wrote to memory of 1168	3860	chrome.exe	111
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 4440	3860	chrome.exe	112
PID 3860 wrote to memory of 444	3860	chrome.exe	113
PID 3860 wrote to memory of 444	3860	chrome.exe	113
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114
PID 3860 wrote to memory of 4492	3860	chrome.exe	114

C:\Users\Admin\AppData\Local\Temp\updater.exe
"C:\Users\Admin\AppData\Local\Temp\updater.exe"
1⤵
PID:3672

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd837aab58,0x7ffd837aab68,0x7ffd837aab78
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4612 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4992 --field-trial-handle=1964,i,11314786768775234746,15198547486831532502,131072 /prefetch:1
  2⤵
  PID:700

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1f42a1594f8f97ba90c7588ff47e0103

SHA1
355a96f96cbd49df4a551c5220714979177e239a

SHA256
255555bc3eed6628c6c9cdb341882342dfb735326a128b46f624c861bcf768bf

SHA512
acfc0d97db51b7fd9fa3e965355f0d5827879773614cfd11ea018f443540080b0d5f880c664084da57d4c9557915590a67c8503366a0b054c92336ddc9f348c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
28d7b115153f245fcf328a5a5e35e2a1

SHA1
cc8c98a98fd1cd006dc54b1217f597f49a9f6d41

SHA256
2d5013eb67ce0c098a562f1bcb583948884932858753f7700117760d3ac00f97

SHA512
be3594048a30038075ff335c88708b8b553c49e2d74fe078dc34be2b038fc5ad8370a80e4b24738da51bf149ed700c68644bdc2b65ef033402ef15c037984037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
20cd134b0c2270c7d5e7a26eda094fcc

SHA1
0960d64d33f8728d75f35a25afff79a5cb2050b4

SHA256
8dbd918e16035b6cd3e0a12672f9be822529ce521ea558697cb0aa51d348dca2

SHA512
3615a979b62645f3f969ea456891e86cd3ddc1d176a14427028ce1afd25fcc316f875a35c0fe73ce808d13d8a17e7c5259e810578de380698404bc27bf76547e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5b9b4e6a1ff907902cfcdd33d92ccc96

SHA1
59f06bb84a7e2ca773a232514599d16713c4a836

SHA256
6c782d6a7cd43940e575b3aee73d916a94dfbdd5d23a34fd9cf6686cf8582cf6

SHA512
00d1034cb15f0f55fffac8efdef53b04ec01560950bee3111d91a7a8826445df6b314a0f3063901a4682d2d1575d2711c3edc98ed6425c100725617b17d76849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
374b26296e3e11a1738efec51011a197

SHA1
6ca4a7d29b9e6c9bc1c523b7918c46481cae3e13

SHA256
3fe2d4a44720b4f8a188a4ae2dac1710ab9d5929b42df9419e9de9f8d92136a6

SHA512
0ef1824e91fc0d35167bd073d4b1f99ca1ac00a6d6de226a87e1422ebbbc07fd3cb99fdacf96115d39c024f69b8eee5c841d675d899ccc2a8f051211e1238e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
724eb4607ac6babb7b3582673a1b7b47

SHA1
9cb5dda941b395593389cdf77fdee05c31a5f93c

SHA256
f124e6bdc62a17efd7822757b77cabc9cc4aa7f7c02abc151a5bf1278e6ee85d

SHA512
55a12c1d69ccd85b1a8c6c533efa71a4ce436c5d65cbb4c004a9068d357ba49a4074d1fc02c8cf68d68bf90e04af3694fe13a9e87de1b933aef77ba7739427f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9002cfa074905bcfc82e5113185d4ce2

SHA1
c4e68611d7b5bcb4f168419725e47119efe4a180

SHA256
9f02a4c6d42a68f5a49577ba04022a3d3e03d87495197e8cc098dbdfcf4b1295

SHA512
b83ef3463f3a0d5c025212fae2d9010a54e5238ad54a0f57e9bb416ba474600ca713369bafc88f90587637df3956c04f296bf6baf91644e7e928f1de51422a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d4020467fa1c2af96204ead2b6f33205

SHA1
48349a5c9e0ec8f7ed41600531db2cf142027fc8

SHA256
3bf0a4d095a8d8d38c3385dcaa0118c642b6d1371895e2e7eddfaaa48aacff52

SHA512
c279b93d4e116af6c072e3d09f70e83733272c4a737433894775ce4e1b1f6654120c87da72614fa02bb7e1bfa38bce105478f9af6773588271e7da1bdcc4553f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
13daf44a4f9f65dc9039647a8ee2eaab

SHA1
a08f1f710805a9e9595ea835f873c2fff969ad4f

SHA256
66d5322630ebea320825006bf6ad0a6fa0624f2a1071749c63c21250a204058c

SHA512
6a2ae1512ec5f9bba3bbe6611fb3a972915aa9a4f6d2a6265191b4e950b337bd5f097b4a612c85567f901a79cc4528d8650bdc3eaf96c4e1c572e87003490da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/3672-0-0x00000215D8F50000-0x00000215D8F70000-memory.dmp

Filesize
128KB

Download
memory/3672-1-0x00007FF6A3D50000-0x00007FF6A484D000-memory.dmp

Filesize
11.0MB

Download
memory/4200-9-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-10-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-11-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-12-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-13-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-14-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-8-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-2-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-3-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download
memory/4200-4-0x0000027ECB410000-0x0000027ECB411000-memory.dmp

Filesize
4KB

Download