hxxps://cdn[.]atomicfn[.]dev/assets/files/v1[.]exe

Resubmissions

21-05-2024 14:52

240521-r88zyahg6s 1

21-05-2024 14:35

240521-rx1jeshc54 1

21-05-2024 14:32

240521-rwf4dshd2x 1

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.atomicfn.dev/assets/files/v1.exe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607755549174694"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1696 chrome.exe
1696 chrome.exe
4948 chrome.exe
4948 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

chrome.exe

pid	process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1696 wrote to memory of 2152	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2152	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 3708	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 1252	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 1252	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe
PID 1696 wrote to memory of 2348	1696	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.atomicfn.dev/assets/files/v1.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa7a17ab58,0x7ffa7a17ab68,0x7ffa7a17ab78
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:2
2⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4388 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:3832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4392 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:5008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:3460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4360 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3408 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2296 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4576 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5416 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4288 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4556 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:8
2⤵
PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5168 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4776 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4236 --field-trial-handle=1648,i,3895377491038904706,10693220471000721039,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\46ceb2c6-0035-4e35-860e-224db1a9f7fc.tmp

Filesize
130KB

MD5
2f6ae044927f2c609fcab02385f9be67

SHA1
6c2aabf314bc191596545cf8bfefdad42d118f22

SHA256
92ce3baaf86b2cf1f41d20a83e7c760a374109a2c20de19df7c36767b3185403

SHA512
9164259f63271f27e71cbf39bad3319a61bb7e37f09a82b52fbd6d0db894f96990339ac9d7b1bd8f317013c7707a5e5753932019e327fdbeddc9360630a2f55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
325KB

MD5
1d90a7ba21ffc1ff4895eef7ec4c0768

SHA1
087f667a4f346d690048cf883097d69a6f8c57ac

SHA256
e2b9152c6257cd83ff729a2d0457ddc38fc90598ba1523de4fa816fd8aa8a99c

SHA512
793f7071b240d1f9d1f804a9cb76c9f7e82fa58eb284040aec3a89834e4ec32e112447bd5bff477c39ef583bf58baafd87dda6621aebb14e2a35ce2aef0228c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
141KB

MD5
724c15f3ef278711101cd3160524ec3a

SHA1
3da2b31522d20dc9ae107f92687b9a2aa16b0d77

SHA256
64b23b1f20f13a5163cf780fe44ed3b351dd5f47d07a72bca3f2e4fe7c1b4c6b

SHA512
ff92498f173c232205d254863c035dd889f150b06f2227262e17dedc7c37ff2c31c3e2609878f662fdeb7b94d204c293d1e1344b50dc41e88d07ea7f2f781968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
21KB

MD5
c579f316f65a45a4f6dbe20b7bc1d852

SHA1
ab507df8df2c5d9631616e083d8e57a1175bc379

SHA256
2a24d39c0f7270753aca61285637d8b5e965e2305203e35053257c69fe0ffecd

SHA512
6d20c1bdbb7a3c54f9b348f4b2a1a8e6f7a7702b1417ef867d1e7f54d9fb79616e13e9b0c4d782d3289df6bb7709aba879c5b24e390cd3c6380b0f4843f74962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
143KB

MD5
8709c534d525686381eb0e95aafef071

SHA1
94bbe4ee91b4a44fc967e1ae708971f24788d3f8

SHA256
cf59f9b113ce92b26cfdb1bfc5fdd546f6ea712787f1da3b8d13e8d1135faee1

SHA512
9a0861a208a41680b55b2ee59c0f2e0185c4748c15adb5fe0dae275aff25c649eeb1563f0c35762b4d23f42294038948941897ca83d937eb42ada22ef6354db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
41KB

MD5
47cac4c37696000f37a384a3466ee099

SHA1
a139aab6df476d2956f5dc0f1a29d476f60493a9

SHA256
6e59751174dccd91ce39cd303a11652b9895cc4a1e7c5c02e8ac6b9f2be309fc

SHA512
47ea15fab8ff718b4ec0677cd9051aa73e46d4e08818d44b64f8a8af76d10849837e63f2a178629de4efa62e99ebaeb7312675225bc028682c98d154fd7829c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
19KB

MD5
76d010ba304dd8e633aec988ccdfd4d5

SHA1
ec30e87e4f45cc13dd377b325a791d11ab977902

SHA256
c0413f581e9a5bd867d71c0a0bbd03dc1654fb5ba34505008193701ca00653b3

SHA512
45c8a1412f309325f5db573bdcdf0913562e1afa1d7dcb1dc3c863194ba44c142f598d26d8226a3d6869469c527c6bd0d047f98f4a97a93c6f732a9d4113b0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
ddad74d5f4f4c4c6ee30c36bfd4f26c0

SHA1
1ee06a6ad55d5e47e20d6147a29d51d4920dfdea

SHA256
5a4a4aeba93a1c2f37aa0d8d102005b6efcfa6e23372e25f7e15cb37dc01acbe

SHA512
18b778726c1bfa12ac9d61a7fc5157246e24f7925bbf3b44935f09821d8935b79fe7c2e5ff581d911a86a3fcececc0f4bd4a9e888e248da4bb1fbc7cc4321ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
38210a226ec0a90f1ebdeab4eaf1e178

SHA1
c32588997a23ed10ee32093380f119231fa16432

SHA256
93b2d814ef3c2f458b9d17062cc50d7aaacad07966c4cf8035db65cd4d6aa31a

SHA512
447ee9acfbe71caaab2ef6801a2961efbd876fe72dee781c8fbab094469be161957350d5e9116b5a7d306474a04f5ee0fe862b194b1b10d2aef70033a8369500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
09aed89ed69b179145d3b4bf55a50b91

SHA1
e2faa7f0feaee0075400b12b4710c7c37c9e0f52

SHA256
3cefc7f35ca02e6626bba94b11fbc7881ddfc47dc08702818596b1fca163f7ec

SHA512
2b72e9b3e9a3f1e6bc70370826a64c1157ef19e0f6adc25cb8cd4b88d2bf7502372a85f671dd4864b3fc24717d2f9a7e680c1a70edb60586caa3bc4dae027238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
129537cc2d4b70adcf797bfa37b5fb81

SHA1
2940d6bf739ce12dde562b45d2d5d9b2d772804e

SHA256
2ca2a5e70b10c1faadd54ae52471a7badce6165444354052c2926652b2049d4b

SHA512
d2a5c91a55f6d0e75a414aedf061d1bcfef85daad6345dea4ab22db3261bd3abea990b4713cd707db99a41ca9d9a1e44e5be9b4d5b2fd8d8c0d144d76439ad43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
232ca76d13e2d84eb7d311df18ace562

SHA1
fcfe2d78ac5aafa7c1687ad78e81699491772e44

SHA256
da3bb1fbe54f368251b1270baea83c66142404a294be7072760571fd2f8e3921

SHA512
3e9e6662f2f993376e364debd2f55585f24519b1bc386771a00c3a6e72630c7512e8d78e3a905e1945afe9be3e22522de7414575619792dd5fad12d2a165d729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c8609dc5081e5502eda36a3cc3e95864

SHA1
5c8837bdba3093b2dd4d8db02e1e223bf10bca4c

SHA256
1a08e97fc765d76d17347ef3902a4fa227244c046174a7f4f136c483c0910f93

SHA512
0c4c410dec897b82b07ccd1c753cf86505b46e9509d9489365233235e907acf42ca0448d4c4085b31e52617a8584616b299966d2496feec80952bdf50e6b3ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
bf9cb704ea4c3dec0434de3d51b4e258

SHA1
624222e88faf6c3ed1c3b5f7d1398fdb51b673a8

SHA256
4ad19e34d0320394856742200576d2ae4e9b51ce70c39ee805fe9bc961e2c937

SHA512
3657663c13040ce5b7587e4a170e905d41bbef083993855793da90aea9f6425bb5dc79f2fd4917c10a929e90df0bc2fb45c1d1ed046427b89732ee9276a8d739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3128acdf478b363bc19bd1c3aa7ae6ba

SHA1
1781b9a3206103ae9df6a4bdd605778931b9d4e2

SHA256
c831770235037cc917c1833bebace70b8833a3a66065eb9114c5d717ea789ec6

SHA512
166a2b8c9b4398e0a4da3769f4e5b1f454c1618fd272d05921724b45d87bf697ea143904693de7f6e3ec053c8ddc720363e205fe405e04e9ba13ba41cb8daf0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
689e2fda81188871bad8514a0adeecb7

SHA1
833f449ec08b281c22eb0a71c1275a5951498cd0

SHA256
a5cf920223984890c1c7b578566728b54c2823e7971f3c2a8a7f479e1750f9d2

SHA512
8fc7f27f2f90833a8e29c59bb20141c7fbcc3bcdd3d1b488c54148aef2b1a5a694e19daefd3b392d5d5759c6459baed3439901c81fbbf4b2b84943924dbf4897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
db226c81ac73a0ce388fc10103d778ab

SHA1
2269d34191a6eefef3175e7d2c220492a64fc484

SHA256
3539beaf55d106b9a1f5753088e3ea686d5c225d76708ab130bcb1d1e1aeabbe

SHA512
9283e75d5daea77004ee640c57a0f1b3a0dd04ac907bcbe74cfef6ac392141f55856265c187c7adc5df684e6b4f15fe75dcd027d359740f2e5979a05b22c2b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ff2f767883b18207d0a21c50670541db

SHA1
69cc22c41ab674a71f408c03300401aa435fdcaa

SHA256
468af5e66ced4319da8fef8cf57d06a993c7040984429ccf927c5ad6b32a62a8

SHA512
c6cb9da286635d39cc3b3e67db283d9db0108066559a093df4861a82bc8af665d832b8ce71ea7971fa651bf8486b6c106026517c9cd3da0fe4fda8439a366231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dab10c4827755954849d1434aaa27b5b

SHA1
d245eb25e52bc664d2c4cb3a39a0f837be861efd

SHA256
28277442768196743e6e149a8ec84b358d8b0493de23d01c1b98fa322deac15d

SHA512
625fa27561dcd268f135a8f62da8a5724b311017f2d7d1d58cc07da85ac158e2de09e5988e2aa91a3d20c1470cfb48a362326e1678b43e82f96c75eabb67cca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d0da1c529bbb5d505525ac0d76b1574c

SHA1
a45fe539b175e4d36fa3fa38760817d3b48d2d7e

SHA256
46b9e1e8976dc0f83921b481eb583574cb9ec7442a6990a17d8764037717fc50

SHA512
be986a171ca13e9926e621b33e18bf3cfeb18fbb1846440b27e56b98797f649dd578e3749af0de44ce2892b8ca5e53a603378591a8e05763a43e49a2b016da7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
04f8c392f2e614b5fb72c2c4f5c06416

SHA1
3912dfda8823849f5c4197f8cf13183ad5c04721

SHA256
182c5815523a7384a3eecaad954a28f8498addab6de33771bcd010385d69f51c

SHA512
c1acdd55b3a9e476637f9aa058f8f5615152e675ea1e3ab7826a55610afca3762b09a1bb59f466808de654fda63ff3728f2e9a7da403202ed70763f2b2211d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ad4c1ecfd7b5a3f98a23b3d021a6027d

SHA1
af4ebcdb63c1028cef1b87aaa9b5baf08a51b512

SHA256
b832dce011de5c2cd861f06461ddcc75743a78f8485f7d59a27181be08924498

SHA512
1914b02e0f6662b270254068ce7c89495263553f9a4d6de4a278792f94aebb9c0d6b29aeeee7a77a8e7e6a1bca51dd5792ce4a78ee801a930246eb193312235a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b94affbf3b94d35868e5e96df60d40e4

SHA1
23181aaddb1b75c68f78d42aabcf9c0b68007a94

SHA256
158b464332c963fbbba6fd69c490a0f07a5b596f78157521d9895905181d6710

SHA512
c823e96c814195c1260985f61b509afe0acddefbe19dd87321cde752717c7f1e2cbeca20ea12a8de90392b9a81e0fa456ebd41c05b1f484fb2eb4700a770ea24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ec5fc091627f710f284b9e7abe8c3cec

SHA1
9747018fb9cfcabaec893a11188735901f03b15b

SHA256
3792e560e877702854035d1d9fba80a4a289cf265279c5cac8fb59aea4655b94

SHA512
18ece0bf9394e44dfc086a257a8eae3343dc52dec273ef4bb7058f6642957cccd19b557edbd1d2f23582ea8db77f08c326d113e39eeb66976af9dd563e0b37ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
e949d8e491c708309887161685b9abda

SHA1
85cf3d812c918c4c515a347c9115488aed444182

SHA256
a22bb6286bdc40deaeeff9a412b44d758c9832088c84b9026a58ac59ab8f6049

SHA512
34adfc925bd458caea45a7193e40aa8d3d390acd868f9bc2e0de282776c8c184e42edef86d93d9b186c2cff7aba01d9336f0e1d23b96799108532648e430ce1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
082d2f3753c1808e2aaeb86585bf4e6a

SHA1
c069af7ece98ee88c8bbe593a995c9447d60a3a9

SHA256
92d6995a0f7915c9d0992d05a018bf00b38bb7906469d6fb2109cb1e81a6ce77

SHA512
16a8b8950437abe2ccbf44bb56605fb9d9dfa0d15eb013037279cd38b6ebf6770fabb0ff514689b45c70df158dbb4eea14baf1f041bc6694a3a1215928b45b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580347.TMP

Filesize
83KB

MD5
78b26cf755bdb3de3bf4b4fd07828df0

SHA1
d843856586a04172d7ef77a8880ad36d63aa1b77

SHA256
30a08c9eefa75f2bc90f3a458e36b8f5bfd912d64a4b07e962b59fcc0b1db081

SHA512
6c63d637a612c5728864d554cea93bd9873c87be4500ea990cffcc92ccc6e7b1b078d6f3daced30834d9adae1bfb7aa2daabbd5c7f444e8f960e770232edbf4c

Download Submit
\??\pipe\crashpad_1696_YANWYRUZWUGPSTNN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit