hxxps://docs[.]google[.]com/drawings/d/1BLZm7P-r2sreCT-sQhrctSRYGoSLQZp80DxQn_Nq7QY/preview

Analysis

max time kernel
119s
max time network
122s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/05/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/drawings/d/1BLZm7P-r2sreCT-sQhrctSRYGoSLQZp80DxQn_Nq7QY/preview

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597401566639128"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 4788	3328	chrome.exe	74
PID 3328 wrote to memory of 4788	3328	chrome.exe	74
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3480	3328	chrome.exe	76
PID 3328 wrote to memory of 3232	3328	chrome.exe	77
PID 3328 wrote to memory of 3232	3328	chrome.exe	77
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78
PID 3328 wrote to memory of 3444	3328	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/drawings/d/1BLZm7P-r2sreCT-sQhrctSRYGoSLQZp80DxQn_Nq7QY/preview
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff98e749758,0x7ff98e749768,0x7ff98e749778
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:2
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3752 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3328 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2900 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4964 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3304 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5296 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5356 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4452 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4464 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5384 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1924,i,9462617258518816758,5494890637678263268,131072 /prefetch:8
  2⤵
  PID:4684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
d73e20e74e9173995eb9bb3fbc716690

SHA1
6be4d3310d55075d90f88d4f9f302a1b6ff02745

SHA256
95c181009c277d31bb2958d9231783ada289c54db5f3de1e418a359bb41a77e0

SHA512
59d6b47e77f82c502220894b51535fc7eb9973696a356fde066b9ad8dcfb259c2aba09df9392bff2a63f6b230cc82692160a47ef73838e7ec71fde04f79e3c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
afacf4f8257f657a35fd2b3825824769

SHA1
b573baff4fad74c2a88a9c6129d517d182e64975

SHA256
431a27181c0e89cb8ba9c2adff97cbf8ee1afe0e4bc8e4aa8c38350f576ef686

SHA512
f5a594cd782777ec6fec720f331cd62f16394bc20288aa50fbf6498bb14810e34bd3b434680b3c81de480822ed73e8341f8d3e37ca7c22b867d7609400002961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6befc7f2551a262c7dc6758a19e45072

SHA1
9f27a357a7969acfa72917bdb3d2b3e48724fda3

SHA256
bc1021bc5fe1a766312e0656ed5e0b925993536e8c994488362cdc21ffde30eb

SHA512
90c88e4c985b79722ed601d1ecf7446f85698d008b8175da3cb90d66067ac99ab226bb737a502798183f188ed59583048bfceba8680167656bed766ae761017b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
085651dc8d482265df02113d1344e8ec

SHA1
cee23305120bf000b711e0fd723a9b79a9c065ee

SHA256
056e1ef0fc007ae2397b4de491da48d3fdae783ad37f6ff5e40d59e900eb80fe

SHA512
e10763705d1c2e5ad9e84f2bd2062849d4f897519e7bc890d4402f4346e57f91955d76c42d61cf71e3dad9412aac7cb4f02ad392f4a0967b1b8a5ccb77e8fa07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c739b9e993850c48d2321a212b00b27c

SHA1
31ccd82f1882f53753a13a7f91665a8cc1b45acb

SHA256
74c49b57efb41eb259ab9e1ff94d43a68a4fa022ade893c56de5f856fb48150f

SHA512
b657db10e6f29679410406ceda802908519957056f63aee03fe92287d3331769e2448492c0f2a8015c1ccac4a36eabdb7a40c58504622479bef3d878835b17e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8e46ffb5d79bad0898468a32a3929cb

SHA1
3ba78f1e5d1386664133dbacf4882bad60e4c48a

SHA256
3a8526cb3560671286451533ea586dd9f6db4cea8fa915dcb3de2b90e1af4b74

SHA512
6057a9daa4481a706de4063cf1c35964890532e0a96f6006d07bbd0a5993247944f3008723cd8fe7c7d9202907f6270a91874d1a7c9566d266e3ff28b6c91c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
614a06ee06d105cc83dcab6a3f5ba4b5

SHA1
3dfe13c71dd74c7d3aeff9451e376d89cc7b21a7

SHA256
ef0536aac9018ca31bfaf12b3cc00e44cd3b4043fd3ecf40177c7eb45cb7a743

SHA512
1fa23f38debf763af51d37ea0a8df1c420b0c0e0bed5b8bc1b9385110a8400300fb80d534298b97ed5038e35ffc30d3048ad71115ae53d832d6e2d1cae7d7b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90d474bf2150b522b6cca565263c7d8c

SHA1
ac56cab43bee21aee712bc264f8eadf7be0f1f3d

SHA256
d8eeda47799405d6ca6790842ef95e3adeb50451708e43a516a5ad036b9eefe8

SHA512
e906c0b5db3d32210b69a5d815225a09b87434d63189f4ca5c8bb1994162a0bf9b539689d13beb360344b221b34e47c2c24a2b7196af71cf8410f8b0266e8ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bc4c4585-24a5-498d-af0d-284ebded9cf1.tmp

Filesize
1KB

MD5
0de0be2fff7a013d4176c67e6d9ac480

SHA1
5f7b383f8d866dc86377844872473a6bc7784c15

SHA256
0c6b4c0ba1c9cd13c61f8041b04ebc9ea075b45a9f3c90ad7dfce6a69dadd4bd

SHA512
a123b269395e89a27111477a64e313c11d375ae6fbd98ff15a9e0427bfc434631b790c1034240acaa4f90145ba70ad5274cb12baf7f5597af751f5318a1eeb8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d1cf929e9f8cce5d27b266140449468a

SHA1
bf65e104b1516129bd06d534e67cc6db7b05ea29

SHA256
53a4a9335398a4c2db7dbf644a0e6965811baa6209d9232cd369b7f24c5b4aca

SHA512
59aeff7601c3d003c5a24f582a94c85a00feb9eb46eb6563d5e80227e49dfdf434b2ffb42fbfb6c9e6e4da978c684a75935a64b3d2639bb168b8796ae83118be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6207afe3761434ed7c36b54047c8c44c

SHA1
3aebf99f1b88e6187cccac1687a0ea13795d8d7a

SHA256
4aeccc6a28dd6ac05dbcdc0e08455191ce8322388ee0006cadc4854dd843004b

SHA512
02886895f87ff0c3f384cad3c7d83fcff9a0c6568da95cfaee368e3bfc799d0e95456808443b756df7815ca5a8a26bbd558a1174b28fbf5ed5ccb0ee62c12041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
317b84b985b11c95625663df77e773ea

SHA1
f0a1dfaad885d6ab69e3fcedfb0894b3e127271c

SHA256
eec6d27ace4f7a9e93d6876dd606ac74755c1417029765074a6b4338fd45dd7b

SHA512
ba8e5ceb7cd3d46d09a20bf32a96268e7ab2b8f15fa6113e7b98037316806b33d02a72e07c6a750906b6f9ddfe493ef4897f38800d8bc15b045f192be21058d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
48a685a3fe2bcc0bbcee06c59d44494f

SHA1
a8eacd74cd0a6912533cf6250c2be67809652b65

SHA256
77d5dd83d3b6f9fb6ad34cfaa910dfc6da232e4c1c4d083b64285a0ef2a2fe2d

SHA512
7ebe142dd52eb222ae7ad6ee29ca6f4edfd60474f3d74d79d2048357410265caa1900307f4ce70fb7e49e8af8bcc3df5f5a805a5b3d7d19c092c48c2fd6e5790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b6c228f9dd10112a7da242d0d52a8803

SHA1
d19ec8573329de62221d78b7fe9a84bceab81f1a

SHA256
a20cc46a476aee5eb344813d04e86f91aae34f9ccd9c38e670475577bae0ef31

SHA512
6f5cba7625289ba6854ac698a440ae858b74116378a079e47c53d5446931a029310279ee8525f60df577fb9cb9255b0164cfd21b96d49514a885074bc79cc767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ebe6.TMP

Filesize
48B

MD5
02aa4bb830b8fd6e1ba81d112312994c

SHA1
66b8c348cb7ca473465341b1645579bdb11e93a0

SHA256
e45286c74ed5328f536a124cc02ff20caf788d877118fc1e67d4dbe496a26de4

SHA512
6f0bea399e188b9b88e6349ba4d8ed42df6b8afdd4c5a71b9921954a84d1f404b87e4048b2c3917e1b38bbf9a78ff84e79cf7695c47307332397efe0805e53d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
186KB

MD5
f445f79c24607ef29c30905c324bb540

SHA1
9f3ae21b6a25440c35ef2a1edbeecde9fa8319f6

SHA256
0b5ee9fd1b673a99eb1da48cd78da4d530af6557afdace81ce8f80a6c3810f7b

SHA512
28a7df902c151650b9bf65f55b115f0ec034107e8710ecfc185c603fb76956f45e1706e8300c1b512f1d850140a4c846d432671abed411fac86049d6e3c0d7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
d6e32533f5eeb30c9b87ff6803b6319c

SHA1
db9975fefa5fecf65739e4c034e3d8a7dca67309

SHA256
8db0f807c91cee9362936312099b5ceee07342c39453fc5b8c2e25abfcbb3363

SHA512
758cf64c06f310dcd147f64a0c27d45fca20fb8e1a39ad152a637ce423eb217fb8ee232a5081ef1cd16da867695c0e0e0d1fa207c00f5c2681c701dad7c22fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
0063da69c0bce1b64f3d055487364d4b

SHA1
a6ed0c6582c7936cc15af6b194dead50d96037ab

SHA256
362b510bbd5534b9998e36d7e0fa8e867679e0556f478993a4f102be81a58bd5

SHA512
0dbc9940cc0680d055203319628fa49a8114aa0121938995b35c65e6cb1a36523a13bc25ed6560f278033fb30ff633feb783740ce190d7ab1b6d2773ce14955d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
37ea922b20b7f7fa9768a4ef672967a4

SHA1
9258612108d34acc77c22f864faf9c922cb69306

SHA256
a44214a21facf631f24d6cef84b9c10c973e13dfbafc3d0dd0dccf6d3a50baab

SHA512
c4ce2a3900faf71b3ed24b8681dc5e8fb219fbad97c8c043a8a7b28028e87a78142d7122a7c4243a620bba1cbbcc4be1624086bb1eb7c37d675b2f12708216f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8e8406f37a961a9fdd0f082963eed0e1

SHA1
a9b8ad0b96223e9fa49a491a056f53197152226f

SHA256
7fa89484c6002ea563db97ecced2303496401c1c2a37ef481da7d0f698f5fd6f

SHA512
d3a20a6730ec7f1ecfe8cb005625a902e05816c992817dc678c9cfdf831aa058487361e81f28bec4fa388bfda4c9ed71563fe2d830d1d2f50170de948c2d5d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6c0469c3b30853d47b948d08e07437b2

SHA1
b9f242486f273028eaf9ba0ebc099dc5c4085646

SHA256
f8842e1fe8cc50fad5cfb50e5f8c1b7f03bba9342863f60ce8ed18a969fac9fb

SHA512
502c03637265ebbb03667d8ad2c750b6fc099c0984a066cd30a7e81b73de1053f955cb97fc69cc83662ee17ed7f9c2086e0864ac4ce9132d9fa04f53fa26a5b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
8e999fea357ca102b3343537c087d027

SHA1
c86ad3d2440b5415fe6955be95fa559f1afb2bcf

SHA256
db86eff38587fefc0381cfa8fb4479810bd99aa029d3490d7cd6631f17a84f7a

SHA512
cd954537e743093e24efc7a78e7a467d36b64430fc48251544ad8f69d1f536e31ee14a76efdf8504f3fedae9e383aa67be13dc98db52ac2cd59edd79ac7c31cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
4a8e9d822ae8819afa0473295963474a

SHA1
c125f6c36475309aab2d8ce95d9dda4aad388561

SHA256
e0653358deca29d463bfd1a8689a00afa6da9932211a8b1f097e16635ab55b35

SHA512
1f6ad13616d48c7ae655726efd99c981e78fae6a5f047005300c2a193fe86a6f9ed1c069ce040ef68e9c6692c8fc59e29e1b9d0a09d76c13fda46745c22a9c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f4c0.TMP

Filesize
100KB

MD5
3b6400115b7b60ad2d35e68cae3c4fb2

SHA1
399945f1ef26d6f8e25119c898348f2b5eba02a7

SHA256
2f2766e0561cba1bb44ed01a940e6e4c89f60c9d22295a94cb4758e5a933daf2

SHA512
4f103d26a9147166431587f128b24122b8127f2daf23bf1eaef845760d9f1133c5bf60a7e835a5b80e900878facf7285d079d72645502c7a7026dbdcbd87a63e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit