hxxp://www4[.]vitality-forum[.]de

Analysis

max time kernel
56s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www4.vitality-forum.de

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607739667566778"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{B69F271D-8DB7-420E-A2A5-FEA1CA8B0BAF}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2324	3064	chrome.exe	92
PID 3064 wrote to memory of 2324	3064	chrome.exe	92
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 2380	3064	chrome.exe	94
PID 3064 wrote to memory of 912	3064	chrome.exe	95
PID 3064 wrote to memory of 912	3064	chrome.exe	95
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96
PID 3064 wrote to memory of 4008	3064	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www4.vitality-forum.de
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff987a49758,0x7ff987a49768,0x7ff987a49778
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:2
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4084 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5244 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5412 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6048 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5996 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5728 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5388 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5980 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6320 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4588 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5936 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6796 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5160 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6760 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7324 --field-trial-handle=1872,i,3444179885636757805,8132749639026010026,131072 /prefetch:1
  2⤵
  PID:4756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:6100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
72KB

MD5
eace2280dab066ebc4e082744175da91

SHA1
6d5ac9a54d64b245067f94cc00527d6ee242e219

SHA256
32524335701ae1ade29de32fdac4805dedc8148fe2ca6a244b9a14ef66547dab

SHA512
d67ee52a183c5ebddedf1d415ca4b9dbac6dcac9671f5e3b92a66f98da17a843090cfd1105d6164f2d655ecfed2e6798d90d5ca580774df5db965b00399cc5c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

Filesize
56KB

MD5
78c2b586d013f22c00a7fba84f1b17dd

SHA1
297e8185e03b95dc9ac1d3bd61d7fa6870af5e22

SHA256
296967c3f68bf40c880602e4f9332488b55e6b901d7f9abb0190d391e2c1895e

SHA512
6904ac1bc42db7d8e0b7470369dbd2de6936f90af3e00c247d773ef2b8c20cd4ba54ca6fd3983f37052f8d74faed449d14d790ba500ad0ac72a3d72dca82a077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc73d1432b8a80cdb1ef8949962bb674

SHA1
31cd48c7f0a226a58d8c587e09e426f2f5305e0d

SHA256
4193c493301f593dbf728d32759259e00c4a8c4b5723b1d29a73f47d10b4702f

SHA512
e292825cfd08ae62668f7003ca522fb1d735e594e2064f45353cb6e2eb91941e881aef70c48eed0c225e26546fc898b3dca2f48bb106cff733fdda766214f1a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
92ed3f781db466450eb1bb1b10ca1976

SHA1
d8f1a31431888ed88b4f10d42c9b8cc24624834b

SHA256
839a6277c37a4139c16cde0cabdbc4efa98733a8d2bbd7c6eae6869ac8b75984

SHA512
7b782ea3cea288097cfdc5916446eedcde8214a01b9ed1f22e567ff0f203c75aac702630910df69a7b7045e455381ec31832dccdd5133047c16621bccef70ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
60cc4d7e67bdf183940c7b998dfd0a87

SHA1
d7d68c41375a715c6d6690dc9899306db304e5c8

SHA256
b49b71f0762effb334c0e823d43a6e520c0b5d79d6744da57baf819b4274ba99

SHA512
411116db2c42011327c2c4af50273ad14d7a9c19be9a63681fd8ed34c28849ecf7a5dd3c56ca4eb2084c873f110d2f52b59018928b86091cd92f13b32986582f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9903ff29d64f471e62f79602c2682649

SHA1
daadc14915c850e313a4b09879b1b362b3ceaaee

SHA256
6aec22157e5ffde4e9d45c7ebba9faa13e80d8b62d106267f55507eca3a482ad

SHA512
4526c45e656b3d23804910c28a559520a521a2e7684e419030a475f8393fe9f866cf9010c76d750639df01f792ed1300511f9ffffa8b302659c095800ce25035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d706c4ed63b901b2e0ab19897c4bed1

SHA1
a01939f7405dd68df049d10744dcd90ca69d8089

SHA256
27207e68ece9bac1731e5061275535f6c292b950735143e16c7ed85688216d06

SHA512
e4adf52feda830bd80f346b59088261ad55e6e1a901b911b476536987e81d27199653b5ec01c2b5371d39b29d8336de739cb2ea89ffa2f47f5b144e519046f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3392edd8a647e3b85917381587178f80

SHA1
2fff52347b7f0c30caa8239a21c5eceafa7ba9bc

SHA256
2c6b2618c7096db6b73e0079a96ef1f79b58475f98198d7f362b2386f16e8614

SHA512
642610e2682ddeef737e7c2ebc5a26f743646afe3475c8a01ec8a3ba79050789dba13206befbfc145b57f983d608ecd9305a1383a7095513c33ae2a6cce3da90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
518b02deb9492cb1cb52091faeebc655

SHA1
a5fd05bc676370a9264da48b8a1acdd4fcb8fbe2

SHA256
60488f8f4b613f814ab38e09442fe7634d0269b3ead5a56e4e4e6841c8245f2f

SHA512
5cf46475a3aadc7c93d40fdea61a8a982f9d0c7ab6b860f7e7dd7ed7cc41ddc5a1f2268ccfd692e9bf22d3c8b4beb555659a34f388b459047cdfe5785ae0aea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589342.TMP

Filesize
120B

MD5
66fe856aef23fa0feeb0417f61b82830

SHA1
73a18937085fcd19a00ae3a94b72ecde3811f3a4

SHA256
0caf7b88077eaf7f64e9d1ba0841688f7d274cfca8aa48e384963e8384f53d54

SHA512
43f82b3003d5fcf61e9e5f7284739d4685e91e107d8f21e33548ac3c088872552e0dfdda7e8c0e2bb0de3038e204ff8f3115fe2de8041e2120fff0f933deda12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e87097a45849fc67759b164858f77f55

SHA1
1a9b86e8bc667c5c0ffb55bb41c3ebd1189acaad

SHA256
a4d193587a80ae066aa9e8fccd3c6fd6c5cd825113ab3e4fa7c4dd122bdae6c1

SHA512
5de931e4add347f17b1df4984c477f39b600f186856a5215c1a2ffeb07f41928e31f3e67b49ae0c7c27d70a54ed1fd9ba0eb7982d205ac1e8a19d96bfce4504f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
f6c00390db6f49b8eb04c069b41f8201

SHA1
2b2914b5fa732828cd236034d84a67ef4f1d6732

SHA256
8a15569806a0e1439b973a36941c0dfc933edbce833b892e70829db048c504db

SHA512
f645672dc7dda4bfd3e987a43cbf0bca6b35db3353313179b0db857eedb1429e54a7baf1fda529af60016c57168aa3751ebc788ec38a3e5d00116343804e12cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
233e8351144ab1e504f0118876d1be0d

SHA1
4b1c587495be1cf2605731faf5209ede30ed028d

SHA256
67d4cbf0a3b1183e215fe00ceed2adde61cdcff4cf8863194db78974eceda139

SHA512
f94afaa35da020d6490f7faa75565abd591b0c562743331115205d61029e489d455726812ea6eacb3d8fe9f15c4c8acfe5b5a8d9407979f476abbc737bdf8530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
c25dd30c87153d2be5eead6f54e2f6c5

SHA1
29b7d1c2e84b1639b937ed9f8c2d214b5d8ce223

SHA256
36fd0ce70cbcc78fd88212ce71588286caec90a8229da083bd0c1428edb5c693

SHA512
a0095c2b7513f64087362f1451d8f986533877a21a468b77463ad206f0611017ae2e783d2534e2d7230a5bd23beaf3db07ef96fa916346b12b23ea68f8e77889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit