hxxps://t[.]ly/Dol17

Resubmissions

13-05-2024 13:04

240513-qbcpssge34 10

13-05-2024 12:52

240513-p4js5sfc6v 1

Analysis

max time kernel
600s
max time network
590s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-05-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.ly/Dol17

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600784784316441"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
4088 chrome.exe
4088 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe
3608 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exe

pid	process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3608 wrote to memory of 1384	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1384	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4552	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 4552	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe
PID 3608 wrote to memory of 1340	3608	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.ly/Dol17
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8cbe39758,0x7ff8cbe39768,0x7ff8cbe39778
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:2
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4512 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:4676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5880 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4804 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3004 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5696 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1448 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4828 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6216 --field-trial-handle=1832,i,4584404631016862401,1384480331963263140,131072 /prefetch:8
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4419ca2d4bd5c2792e45565115c8ed6c

SHA1
f9c91864b1ed1905e61516046af8b19fc31c4942

SHA256
a6a914c43501cc9fd51a45c9707fb42e60c8c19d5eb0e5cca7bbf3d3c7908d78

SHA512
b6b3a4bd723ce31d7813e635947824a17f5da08541727b0857a27cb6117aec137028be7e3d44e8161b3c84794e97d3b01a2713ca9dc08cf0475778810b4b02e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\33df753e-23c2-48d4-874e-3705f5ce90e7.tmp

Filesize
1KB

MD5
336b6473ad086d0643221b1a622fdc2b

SHA1
5f31c8800876f4f727dfe939f13bd169683957a3

SHA256
c2b8674e1a4f29ff8e5c4848df36a99ce7342104cc7e54fcf34e3c704456479b

SHA512
504adc4b15c607bc07699ebeab2f75e18c388e2e0870364d06cdbf90335f49aab412fb552435a10e145cdbca96e3e24782d77e2276ebaa614c2ab2934d01f1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3c30b47eedd76cb18461b0b9d49e1c64

SHA1
2cadf7013937ecc1cb6a99b6d4fa3ecc70f596ab

SHA256
3c5afba351de267782c3cee6d48926ee74c38120a19fc53590ffb2fd5f5f3290

SHA512
e5c9efb86cd891dce44db0c8495e3bdc59de5ce4af99ade05011677107a9e1329215358fea9eda3aa83b2001577c74ba520ca6fc87d7083d5e3af6a48809879c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f6d5bfae2aaad63a03e1b71513ce4ca2

SHA1
e30ac1d3af71ecfe418ffa7fc914e3a586b54f89

SHA256
a98313fd8a9e8ede7ca31d4a668527e63a69ca85cd2d1a5a94ea07605484c9d5

SHA512
21676349ed91c4b550ad26a85d553ce94f0dfb246bd17dcd22d2bc338314d609457bd1afcad8f2299186428686a27a1dfb81f852c3afae2caf1ca062e48c54e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
931B

MD5
c8badbd1c695c50a1cc7abe222a2c0c7

SHA1
8476d399e22c5f3ba6ef2eeb12b54c2193ad9648

SHA256
af4d403b4d38a6ab4cb39e0612c172e9ebc55ca0123e2ee996602ebf20790d80

SHA512
472123da4a31594ec5566145186564f673b5ebefaee020d176b8d3cff52a676b2a3fbc6b7c2b9676f8dde5cf3d9f5252d37cdf18a9af62df2295439b43dc7eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3f615ac97e15161b579aa827b8abf845

SHA1
adc4d4099832c0ff37cc1e1ddfe553ca7fd33635

SHA256
52c80527f1846335a82250227f03ad6bcc7f311296b6383b88cb803a92cda833

SHA512
825e84571f2ca9dd4bbbfa792512dfc8f3063aca8ca4c3cf6609dd6a5db8a5700ac22101abb415042536a32433650f40d09f32a42de62a388e2d8f622f1a2587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2bea3bae8168c4e5103b76231d6d65ea

SHA1
dc0f483b8c1c8340def30f01b48b24136047c7a3

SHA256
7ea13c09be1eda5f0194800631c36d2b6a7168d2748f5ac7be41dafd491ab39f

SHA512
a08c2e281120f120c5e2c148c18984eef582babcc377e0424f11b61fc6843433dd3eb748444039c2b428c62a329450ef322c4489b629a81ef7acd87286bcb755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcdcfe0235ad4a60c88493daa3ff7f95

SHA1
54506e7bee0e3f754e91cf0e44e5c07d70806ec9

SHA256
b2d9d7767bf0f2d7cdbdadf3784d214f0ad63f7c647b00c37731d016898adcf0

SHA512
adb39bcb5b9a88e77fac6dab8a3549cfb936e425f5c81cb6c20ca6450b8e8a30d0661cddb34900bc64b6505c2958153b4ca03233a90c2c4150ebb0824478cc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
7e599b253c626ab5da31fb2949a03277

SHA1
6f2bd5e4e8e3636b0a55b90b183dc66718e3da8b

SHA256
018029950b56b910c454c024af763b1d3f7caa38f09e0ac5c3cf1b59cd2a9c96

SHA512
5607dd3cf1f90750646a89c5417d28e20859f38dc5e8b43b16ba62871b1d6f92fba695048b74371c1a2f2836b404f5f00aa0fb203c6c7dad7d70076e1ff43893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a8335167a4aabb2f5cd3db388122f3d2

SHA1
3c8a4374a8b45cfdb15851bea4a374ccb555968b

SHA256
ef2eb601fc0d2d45955dadb33a92687d879b4f5c63256e3976d6beebc8d9f5d5

SHA512
63d7b054668c803a0bb3c2f3466371e6145a0fe7768744954d0908a1a4f6019d66ba6adb3be7710693ca21f42d8d183c93f126d9d5916d5f1801c4c12db3b4ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
691b65eb957e2376e70a1fc76ed49eb0

SHA1
f1e0d8c6f6562d1afa7b52551cfa63da09770ade

SHA256
ad13f656345210d61bdbd7708f9d4065ae6c2bb7aadaa53e78030188a12fa5f5

SHA512
a5ff61b3152a17ace7063a03dbcfe1a87111cc15a2347d911dd0914fd972b8fd7e975952a4b9a1f5be4113a21dd8007fa61d24b9f6648b9d438abd1bf8eec4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7603a9919e471376a88dde8f47e648e5

SHA1
3ef4b6ee09aa5e0a09c48cb716b37d0716e0d079

SHA256
9eaab5c66ef3d12625e75dda43928ddd89983cc6106bdd413063dd333aa0656c

SHA512
60077d19e9fa9640eb77688b6ea96110fd8cd54ea23b398e87925d46a63c1f3e2f70be253d6d4498feb7b5cdafb65773f57af4284894fd1454c6798c55c88304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed12197a97cee31592fb5a3809fc35a4

SHA1
d728169010388b61c2d4ecbd364d43597d1e7db7

SHA256
eae9b6eb67c90e40ad1a205f28fc4e7c13995104bb92c44909822b9af6a760bc

SHA512
8889953f1b14f82f1abb2aaab311738bcf9ef5e1ee333e9809a777799de198545795240bf91eec1566e317a778ff0d928969b4d70c8bc420eab2cbbcfaa3869c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
946617988e6b292b9bb5644bc136c654

SHA1
6bf7dca65391a614afc945f103aba32c9599cc22

SHA256
4ef48831d9b7b6f4296d2dbdb2e48304aff90e10d1444eea35305d727798ba68

SHA512
a3fba1aeb60acdd9704b3c4040e1766b2a15d5c9eb9bbc078a97130e8b76d83124babdb676458b840012dc1fddca85f9182427c19224ca1a3651832e9ed9b21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e12b53877ff925d77f013e9bbe1395b

SHA1
5266bcf44728e94e7c2e159779cca5575227c7fa

SHA256
7bc4f6d4cec229976dba4ba2052c83bda7a414b7bb9e5558f378642ffb63db1a

SHA512
ffc5ef1c249249cf583163d905a704ea6872ed73150c86e4cdf9f38a6902d9c577bff3281af6c93f90f7179f0d3c9ba790ca538aa792a7a6f229c33761722d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7c1893a59eae9915c7384c0b54a8a839

SHA1
a4aa35160da166a43d51c1d2c2b892795d3ffc1a

SHA256
2afd76119b4cdc48310ed4c2a6eb2dfa79aef2916e4c661459b47f4b59206bd4

SHA512
140bbcd3b59f5e4c4e2479ddd0408830b1834798eb6b8509ed8c0eac4bc06aa0bc608c5bafe54bf35fc8183dde425836132c4e681e7d9fe39b9f25ee50d3bf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593762.TMP

Filesize
48B

MD5
393131abb0584325d4853636ba86068b

SHA1
de7ae4aba2b8999fab178b21cb7cb8d8ec3e83dc

SHA256
c1652dad237a367c632df36e5cc8bf0c33fa021117efeecb060406fd43f92ba1

SHA512
8e902572b65c9f82e681f8c4f5760b036368e7b6ed5298266825a53a8d8ee9c7630b48a8f7f30eacd4a44825b23c452e46442447070a9068b933748a73189885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
f786e14eb8fbd1cdec27cd0e460ab19b

SHA1
49c2f0cb12c7a211daed22977b869c3a1b1e7516

SHA256
9cdb3a38467f39264faa035854ba19da39c890b9b010890f0d2648c4eb73fd7f

SHA512
6e864bbebb45bf5a7d5360ec0b54324d5e2c6fca7b8b2824b563f95384160fe3d2330532ae80d05c5e40e6af1ee79b6d4ff602f4d8d54b1dd85bf593e051316b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
a8aed827712599eb94574a07d079a7b6

SHA1
1ca548a09a4c4788761926a50f136fe116029c52

SHA256
7faf07c5fd1e65c90ea143b232fdd05670e537ef35a4416e63029e2916036e50

SHA512
0cfcd10a38b621d78baca950f39b55d05492ed1a33f7707128b1272fed882835daff65744855322bd55fef36003aa90f4693ef490a06576fdeef4f6227d9f5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8a9195d43b7cdf5abfd55bb6e63166ee

SHA1
da2191ffebb22f192b654e64115803fa82649f90

SHA256
7d0479a86c330714636caf99c5624515dd3aba782bcff3aca8b83df6a0a6fb0e

SHA512
205366d3b8e8e2b575ccf3ad67c9f8ad216b5c66a7b8bca2e9fa3c352f2646611b0c60f8a171d7e4a5e1e8c16d7cfa23b0b480635d11474219f946c9e60fb7b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
1459d4ec8ca49c01ab8e39a9fb810b7a

SHA1
472775ac7f941153b3e24a77f6a16ee235108bf3

SHA256
7843f23c88eb2206629ed5b47ffdbd156f4e832101ad04133920ebfc640b4479

SHA512
77abc7ac94ba3f3c82e9e8056071fe2c2719081f6ae5cdecf14574fc946885f4a537dc5f4d3e53fc47cfa26d6b3b92de0c9c5bd14ce46d56684b468bf325f8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
bbcb862bb301377df3684cc2cdee1438

SHA1
02131806798964bcb033c59a0b69450a823547cf

SHA256
254fd6b886199ca6aa1f21adba51d152e92ca29ba04a9bd2d9930eb90bec5dbb

SHA512
6b548d6263f8c838f962d2855950f467c0af5d50a32dc555631186aafa879b44a677704efc61b437cde22213ab3d841a9725d54d00722f51e8786d3559712fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
e10f7e8fc69bcd1dbf8893b193c9f51d

SHA1
a83bf9d7cf3ddb46cb5e2474b494c0c79fc61378

SHA256
45939c572f3b5f279602b91631fa14b72571dde35cd3a871db4ecbcab72cbd0f

SHA512
abc7fe43442091c0126cac7d15e3ab40371d4bb42f1cd3704efa42c12cba7efac0f188e275c32c5e0f36dc19234e531581be27859c898a127d588a04eff712f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\nje91q.rar

Filesize
632KB

MD5
f85c33dc9b710080b0691cb9170a0924

SHA1
a5ffe397ce816453a59992da2d545aefb53cdd23

SHA256
14f41e52e85831bb42d9122b038fe76e86bc084e10636d086a4bd9f7f26abc97

SHA512
ed126ca04306853ba28e298fe890829932406cc376c2460e5def5695b59bf79b9981222333d8a168af4c753603f6813a7533776324aa33f402369fc9ae928a76

Download Submit
\??\pipe\crashpad_3608_TYNFYBQAPSYKXLGF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit