fb025a0aa34315c3287c087cc598598732f8e96cbcba4cd5ea2d728a270e5467

Resubmissions

12-05-2024 04:36

240512-e8aqxsca79 6

12-05-2024 04:26

240512-e2tkfsbf56 9

12-05-2024 04:22

240512-ezqqsabe56 10

12-05-2024 04:18

240512-ewyxzsbd26 8

Analysis

max time kernel
1050s
max time network
1006s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Synapse.pyc
Size

1.9MB
MD5

250918e06dd744f05d0fe31a3ce1a43f
SHA1

c6e73738b44f91bd0ac1caf596600d8035e83522
SHA256

7247caf33200a867f3957f2bd70a10e6f4fa319a904c0e77a5620de69dc1f3ed
SHA512

bbe956c1a5a32ed23327ac363a886eff70a607b98dbb756bf89d62d52bde0363e0dd37023a771a4d3788049fe43035ae9ca96a74851fb0b2da2d5396af8ab0d0
SSDEEP

12288:doLzJrwkD2KvY0xVd+KVZT7lJAtYc+lZxLfa7l+XB4TYpInNQ:i

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
80	camo.githubusercontent.com
97	raw.githubusercontent.com
79	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599623605691868"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4556	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 4556	1536	OpenWith.exe	86
PID 1536 wrote to memory of 4556	1536	OpenWith.exe	86
PID 2044 wrote to memory of 1008	2044	chrome.exe	91
PID 2044 wrote to memory of 1008	2044	chrome.exe	91
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 4608	2044	chrome.exe	92
PID 2044 wrote to memory of 2068	2044	chrome.exe	93
PID 2044 wrote to memory of 2068	2044	chrome.exe	93
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94
PID 2044 wrote to memory of 684	2044	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Synapse.pyc
1⤵
- Modifies registry class
PID:4904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Synapse.pyc
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f959ab58,0x7ff8f959ab68,0x7ff8f959ab78
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4732 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4540 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4972 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4896 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5072 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3360 --field-trial-handle=1956,i,16381283342889966809,5833958209675016700,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
affc28896b49bbcacba031a4863e0812

SHA1
de5db8e027cf7f5c688d2dfc70d8a32de3986ec1

SHA256
4a00505c205f1e6ff6cbc9ba28b900571ef5fc47000b6c39de0c29b8833c4294

SHA512
c4f4511cb8221eb42231b14560cf95259f9563ed1fa214648e8f2a492fb5a0f9d1a00eb8457e5254b65ea9ac54216c1d9994c79d3d51c70bf5d72847a3b6cec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8a6cf65ca229c9b3dd0b47fe140aa2e7

SHA1
8700b7ed6c4d5de600d240eb294e8c3368806de6

SHA256
6cabbdd7074c8eb003bc829d3b9521385efa5bfd9b13010d2573c4753f2b52d5

SHA512
1c848c5f6658c770ea5c6f14b5382e9adff9e3069c5cf30d4156b5f7c5a03ee076d5630a4a322f4938ab3c8f0408466c1c10ab77ad9ce67e6cea71c3ee4b09fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1892ca5b1306230b1d5cb941b9a97ed0

SHA1
c7c14c268bb1bf9a302e415923b19abc1949da25

SHA256
f72e9739cbe6e32cd0a3103f7cc5be110d6487b985cb6af4e3aa6ae2d8c79161

SHA512
b3dc83e19bd46308e4431e1abbde69e546658d928eea770bed1a203cbfab59ccb16977b1a0bcc3fed8b35ca19d15d45b2e30262d795d3be0f5a05f8d2689fb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7b97d3eb84dd56bc76c4feadda5341ff

SHA1
cec0c1320131e678e4e3a0069f4579574f3f9eb1

SHA256
b6a94ca4f0d93e29cd6ae119171a17fb6e3e229a27bd3fa5415a5525617eb838

SHA512
f30eedc1e760c909dbff48cdad28ca25fabfbe7df9f76c18a20ad02be50616e0b34b6b5ca990df2f85f8399feb2e99b285b84065080299902b30006d98c236c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e3a24322e65acf1c5456660f10dc5fa

SHA1
9efd2ffc4dad77f12e878457eee653a10185bfe6

SHA256
7b07c078f3136cb771c2d59b3756264acf465be513d9088e34fc762e0997c62a

SHA512
71ba562bc6759cf514014c7d999bef440de86a7eb2e2537054b15403c073b2670a4b72320a6402ae6096a0ecce54c22085e6cc39c3d1e2f92d29b541c90b5375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26c14d7449820a9cbb615ea38e2053ed

SHA1
5633db5eb16e0137f196416603a37a5550b9481d

SHA256
7f7d0fa72a72c2570152f457d4fe0f7b8ef8de3e68e1a6ecdfe6b20a297d1efa

SHA512
b8a80ea669586ec011de6999e051499dd2efeb3ecc53b80bfe7aa8d24a834cd5d83da56bf0fca6bd580fdb1bc06b6d663ba73fd391ff475ead201df2b8a8c29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ad8a74acd6a58388b289600559117301

SHA1
13c8daa2b4fadd4f9e8eb4472a69df3397076509

SHA256
badf765d9b9516b9fa1db376b364b0a0b61028fd526f39897f44c6eb5789fbef

SHA512
4823e28dfe760f028b6b394d49e1ab7b22b1f1892b403226c3086e53147ab8734edede0465ee35c8fd2aa4422eb91cdb4755e3f583ae17354101c2a704724baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fe0ec28ffbbf16d7dedd5f6866d72dc0

SHA1
3343bfdb03a15e83c69e6c164a4df03d00d71cf4

SHA256
be9656e8715ce8646491ce5979e1578814d659bbbd7ce46b8bcfeac67dbbd567

SHA512
7a93628e458e3eb69de814bcf94debb72daf8f8611153da92021236c8386b4a85450a44eeedb011bf8e532b984b070f8c9bfdcc38af6ef50b11cd52b4a01f197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
06dcd49143d043cbc8476872a43e1410

SHA1
d0519eaf3fcc3dbc1f8b52f6d048cdaf5eb6d267

SHA256
c3d4769d8af4ed299db8bbe26a3c6cd4cf1536ff2ae27d88bcf3ad6ce58624f1

SHA512
1c632544e0ff70b82d4fcf6d0c982f7b0adc73c7dcde33f8e48a334b8d1e229c3f515bcb437d1073a26ff64b8850955603fe69507419f50987bf90edff9274b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
539f1701185a846f98c42f406acd048c

SHA1
37ca84ce734bbce6ee140fa857fc547f6f0bc47f

SHA256
a6cf0e4d0e79b64859cf92595e44f4718c7d7b9e6b182a9b6508b5b49a6d94dd

SHA512
d084a4a288ab9a9c213496fdeeb0599f00de456e378871652b0bc0bc2fd27d5d7d6846105fc2ccaa82f85d79b348d07b3ed4b51e7836c46c25052e5e02d22d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d672e08fe1873cc7a552c90f442d818d

SHA1
55765091cfbe40e7adc15f530b70b3c6a2b62b16

SHA256
b189b1e562d4886ccb2d0c7681d838672050b34f6e3f36024679b7d6d5c11b0f

SHA512
ee22aeecb6e714b42f87006b901679a86760144cf3f3035d2b73f0f50c88f19a8f94651642375bd01487debe3ce00b01a52ace1bfc002ded616a3b7b619a5bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
a76357bf1bcbc056a9a621d795ba4c26

SHA1
9134335ac17beb3e9902c0c68fc014bd6f774d58

SHA256
5eb077d515323aa311cee625b4688e714e7c15e3b10594d5328aa422af11e07f

SHA512
33f44d7ebf75702614a180147a7d6f5f0949483058a8e253e73aa7ee81588a823cb2c526c953a2f6f575ac454ee28660e31632e7c6936ca9322c6e86f8193e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
b915aac22ba3baa6f3e23be1a4ba6b25

SHA1
454406a3ef137cece74a306078305ea9b2f8d0b6

SHA256
5c6a1aa8464432764b9f2a06ba3f0a94aca1520d105bb5ae8b80cda81ab517a5

SHA512
a2fb9fa8b03c19f1a1986e4c2d022ee399b46b3837cb98eb81dcecf405c07230c74ef9cfa2000455c0d2d584a8ae03ce685e43fcb58d569202206a4f90182cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b45b83320db46833727c6a5a14559d08

SHA1
8bdeba2f410819938ac4024ec374df45f46bc874

SHA256
2711364ff6a549faecc511d2460dd955489407da5b70131a3353d6d6ba76323d

SHA512
f1fbb91fa278ec04200964e18b0b5a7d7591c8560dc1a9cd62b0ace4e95827d592e41eb5b2f84cc01708d0c84d4131965ebc2218be6b08a80318007cc0e5a06a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
8fe5dc1f093e1a6791a1e4eacd2b9dee

SHA1
ea9515feee13eae0463338f315cfa3a2dba4de7b

SHA256
4760ee8dd60b99ca10f34d8966e9ded149a236e2917a0d31444fe62e609b0f9d

SHA512
fbf2c1cc29723872db9e45ee81e7790f00bec0acec9d5c4d866fee6ab399d8289c04b191ecfe5f1e5904e3ee18f2097a84137268328f3b9070c72d6b6e353e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
fcbaefaf0cb7d6447f90323deefa6507

SHA1
c145efca858abda7052c3883b3c5d3b0aa6a0a5c

SHA256
180f6a2fe48a23dc097959f20203206dea67f9b9e17a1bbe9f3173d127525750

SHA512
6d3188f9172e3fd71d5434e3c4163d26703355ced7efbb7beebaafb8156751f3a2487fad94f8094a674dded03755f3638aedb967bcf0c971aa0be4fed2b963b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
1de28bc72cc587afc67c7cf42b21671e

SHA1
7a37795bb7fc905a6a4002b7f6247be9c71b7c00

SHA256
4338aabf046f03cf0f5b624e44da821582ab74f8f325b3395be9b20292057992

SHA512
30f0a8f54c5b5b01182080cc707a2282b47c6c4a61ca41af944930d032205506255aec305e30607c8b4cbcd660049dac6a5206cab8874933e2437a2578e48405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a5a08.TMP

Filesize
88KB

MD5
a2708d47d1389b1d36bc3a6a1bbce841

SHA1
4cfc8079558d94f9609aa3d9da3c003b1c67a770

SHA256
815b49e415cd9bf7cb72ef51e52f8a2a24e44cc4874ddfda54e3d09661c178ce

SHA512
d3e33488312deb8cb0399624d441bdc55784129ac83c4b35c64683988f6a29df308ba8bde6cd50954a335d62000c3660f58c9423db3729030eb40f0beb938225

Download Submit