hxxps://datavalet[.]com

Analysis

max time kernel
89s
max time network
90s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/05/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://datavalet.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601096126942804"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
216	chrome.exe
216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 196	216	chrome.exe	73
PID 216 wrote to memory of 196	216	chrome.exe	73
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 3848	216	chrome.exe	75
PID 216 wrote to memory of 980	216	chrome.exe	76
PID 216 wrote to memory of 980	216	chrome.exe	76
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77
PID 216 wrote to memory of 356	216	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://datavalet.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8ca719758,0x7ff8ca719768,0x7ff8ca719778
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2804 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5092 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4444 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4412 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5356 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5548 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5124 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4320 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1684 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5444 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5640 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2456 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4908 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6168 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6196 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6552 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6688 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6676 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7028 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7492 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7504 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7528 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7368 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7496 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7572 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7616 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6776 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7532 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7500 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8420 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7832 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8104 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8136 --field-trial-handle=1852,i,2153447621975743930,748317855572114750,131072 /prefetch:1
  2⤵
  PID:5496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
34KB

MD5
ac2e29ea829eedd33604a2f5cb7143e3

SHA1
d0689bc78cff8cf1a1dec7d61eed7bbda25f3783

SHA256
d3c9a504c5f8851f7a7c1ea22b74975d1e316fe44279f9ddc4b5e0165f05e75c

SHA512
c6c5fd8b8897a3a8580ceeb1c3a5e6cdeab579a5734f489561b09ea20f79e6074698e5cb36304d4ad0b7d73cbd58bce153a11fca4a31b2939630c7786d07031f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
28KB

MD5
ba719dd62e39f3f905e28f2c04e26980

SHA1
fe9b89251ed3cca0c6019d58a3c7f058c1343552

SHA256
b8700c289e76260377b9863ae906222d8b8ef44abc6cf4a48dd9e2056ac35f9c

SHA512
26690cba962396eeaf63a4b4e8c83169f790112553c6c64f38e6ed1ec7d8a1921e5d2cd8558acbe754d6fc834ed84f6a16b76e186b0340eed6f477c2e69865db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
89KB

MD5
a82b6d454fbe976a33063850293ad131

SHA1
f5ad236eeebd9ce38e928d1da185a0c80f8b5fd3

SHA256
72cd5a71c881743fbd9846da7e0b8bfcdf88861b83eefde2f734125603e2ac0e

SHA512
3853312ee08de3dc310b532c3067cbbebd5b77bb3aa92f599e1b1d38f9f90c9c7f246c755f28b5b068e958aee1736b94d31794d14155a47386b9792088205856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
20KB

MD5
72a2ae2fa9594ce0527281332c556450

SHA1
ef72627fa213caa93b4721c812a4d21a11555bfc

SHA256
d3e4db3c08475e27ee8ed0e83fa26b6ce91a6b256bcaff6855530e03eb33ffd2

SHA512
603f2212c589777bf9ac5b8912abd4c361658a48cc7c840ada9820b76415f1ddb11b2682f58509985f9c86e8321737ae12c3186316750714e33faced99568e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
75KB

MD5
9e93888333200ef182428b927dffe192

SHA1
d273b1d5589b0b549ab8db7ac5b3d59b2876e603

SHA256
6be2d7e7d05d943746e4b13a50e92c71d582815dbaf231a252001f6f0141d63b

SHA512
eb5e610da33c8db78b7ab042a5981924ac9020a131762932b6ce0075168eeb9eb2c873455f131c8d2b0b3126bb0600af34c68269d8a249e9af309876b1b73955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
301KB

MD5
3d6111afeadb3726f91ddd17dd916249

SHA1
edf6c6aec0914a369e92bfaeda667cad939767be

SHA256
66c47c1f816c2c924e6ef0f9015d5b28e6ff9043face4b6dcf928ac41826ecd0

SHA512
5da59f07092d4963a437808fe9edf9b8980e855777c12d65240e80d0d3a2f7d7fb951fff3097b3a5ba3f8312f88d77d6d3296eb948618a8cb0464be32a4a8694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
117KB

MD5
32b16db98297b900e3467d719d7fcfa9

SHA1
08faa0474f43f6394b225503196667c9991e664e

SHA256
292cba4a4c62a1e46f556d143a41243f2715bcd8ed236e2744fd2fe7ba149288

SHA512
4208a4102fb39eebd66d4d4f00f19602a679dc4e2fb19ce7aa39fc2e1d6911b945341408f28f46ddc62aac5aba1ea26784ad9271e7d30aec090f9c6645525ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e67120e9a86fed3a99a41dcd7f71c9f8

SHA1
e6c140933debafcb6dffea304c2f5434f318ffe0

SHA256
e099280e7c27229c39fdbd1a79d674397db21b86d88b50768f0b0b1db9665271

SHA512
bbd549ff61151efb1c13726e0a06dc7ca7d926355e9bee9705113f185f68c3d8a36ec78d34c64fc88b0e8fc3e68421f89f18d99f6feab1584f80644a5fc54ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b32031488f8e5d4b29108c91f8e700ae

SHA1
f4e244f09b86bdc7025643c3e940f53566509e81

SHA256
dedf2d601b3b505a4dfd70d99132398bf6c908b6296cff42eaecd6019fce5e3b

SHA512
8b645000735c0c555e6849e674b2a4749809e7b794afc1179ead2f1241302dd612c2c67dc3ef6d3815e52a5a42eef4e386462d7a6c0f007424683a346b696ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fd5b637f69f19a7d159beeaf71ab080

SHA1
194b16440dca37d01967f8a4d0fdfa24eccbea25

SHA256
aec043f25f7cb19d75c58ee14bfa2384e9f2fe58f3d15dd59e33468d5a7c685d

SHA512
ec10cf326dda4cfbb493401d38cc5e70ab08bc1972cc28ffcd883a5359c71f00992b6d0ed3f702f40b4810df466f0d8fa365d21db7946183f904de299f3d9269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0573eb47f4a6969b598e7ae206426e89

SHA1
2526abb54c0137958c6b3c7788758fd52761ade7

SHA256
436c05bf9ae1533b40337e8fc7ac53accc9b57ca9f52cc2b6f6e1003e04d7476

SHA512
cda964c8ee090bd8bde67cdf77f56b516fd4233b44d690d4057366bb9b83a7298e4d92b7dc3c93b4ba103f8a562eecc5cb4dfe9886290c70c47635d134aaa9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e7e2e51e7b83be14e5e20f7434cbd8d8

SHA1
dbe443eb790adb2939906dbef08a550694a83020

SHA256
28943b24f654e1d920eaf319b425c063dbfd4f9f31edd511eaad1cfa8cf0c253

SHA512
baa3e056674271e39b5d611577dfa5970b6b81d2811e40a69f0811acaf31b1831ca1e770c6b2e8707839e7a75fe9bb1cf52d1076e06813b3ff16a1104c3c9f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bdb7aae1f90e4c34f41f08b8fcbea9a1

SHA1
38d73515a790cb5f4f673e29189ff63ffb8f6b0b

SHA256
814b2c50be4621680293475e18281042e8b0630a28b3034f46ca8c54829f4fb6

SHA512
84590634441eec79c1d72e53e5f040c435b013d43eb1ec8a18565b9c20f4270210d2f2ef98d695fb39b1b357755acb2df39b7988f3b024f181b319cf6ea38904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71c4ed582643b6d1aed2064acbb7f27d

SHA1
e1179c148fcb4d8e583bebe9447364410a2492e7

SHA256
54d604a9a5dd69019dce85e81909633d86d6c1b2c4a70ed7abc8588de98ba541

SHA512
d036d3f7bd7a1175bad9bcd1eefb435e6f7e57e4362b8fcaeb3778b079915401889260d52e76461333b3531c25b627b4eee03d1122a6ec01d7b425f290d37858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4bcbe107a12ba4d104064fe017753312

SHA1
333f99f1fbabefb2ce291335f2bfb06cfdd6041e

SHA256
2fec2b6b283d2c58ec189516b3a8eec5e9462d243bd3da52c7dcf830bce2e965

SHA512
a19c175371fa84bf328c9c5393d547eb328362ba71bc1b5bb479972adbf1ed419c1d00a4da60b081927da5bad5bb8f694c3d8d49c6861dd399e78deeddba1db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
085ed65be2c2cf56a6b338a8b39ea92b

SHA1
973c66c25eb98f29d7359ae588ef88dfe9e4fcbe

SHA256
14f57cda345dd1e1808a044853f11afb9ca456b680494fdf461c7d13eaa7ffb3

SHA512
ac03237d45de55593746eedae2d5432dcbe8ce1264b52b81df488838c842425db49e990121af12364c1e6c0c8a6e081630f8c0d0518046ed7f93f2f839b1986b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58002a.TMP

Filesize
48B

MD5
4d5cf960ba46745348f530381cf52ee5

SHA1
8b94d27265ae0d251ac5574a31c6b95b4f443361

SHA256
bc257e26eb36ed35c9683a21393c26849b26d065fdc5b8e52c5efb2a92dc4c9b

SHA512
f5bf0797bd815b832f20647026daa6b78acf90b3c63b271a2ad44344ef112920c08ba5a367cb4cb2c9648397e3abfdb1c8a25f1c4fd567af52d1c17f7b1ad246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
afea7a75b387a4c9bca926d6aa03c2aa

SHA1
3fa472e7b984a63a63c4276206ca09c604f9abcc

SHA256
4f1793e3535b04fb6856c951e1fafcc8e5286744d0ddf3b28eb54bd20bae458b

SHA512
e12b622335b081807e1c26f51dc2f18f611f14ce1c2df96eac2ba9ea2459b291b52520532a003ec976b519645509a3ef412fe1e86277f9405d766ea2be8ca36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
08964b8f173e6a0c4ec3fc22983e2146

SHA1
73e0a86ea57ff75184c3654bc42929b42a1bf289

SHA256
78d7ee31b9b65e4a062fb17a29961a2605c2ced2bcd8026f49fccc907a4f8bc6

SHA512
8a2a2d307b774081e62e31d0b93c421f6e82713f3c22d2367b312eb98195005ee92e6c5b3e2b69ff3a1b9fd464d9aa3840c0eb213ad5459936dbfffcd6f4039d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b215.TMP

Filesize
98KB

MD5
98c40bba2a1b782911a1b3dbe7bb0a0e

SHA1
7d38e98b3d0720bc9e4beaac8004714d5d31a51a

SHA256
d224b309339a6bad025eb6342bf8a5828bfb139fb7e3b88f04d10bb15a027bf8

SHA512
3fae6ea97c4595a0457d258eacea7394f0cd4d8a86ec879f40e31141af86c92015abf3212ef5b52b340f0831a5e899a423cd82629b6d0c2524d28e4467d97577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit