hxxps://qrco[.]de/n8mxa4i5VHuJk4PMwkLpvyNqgwLBQ0Sb/?zwphvtjquqnl/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGXHi3ygqqrREEgoSeza8UICjjze1whbSsXnwpzgE8gG5CszbXAjhO3FqKUWVXtpKX%3DUYRTAADY&_ei_=EM6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB-gBgO3tuO3UzGxLd8-XUq76ZMc933xI6KE-OcN9i_7_vZ1nKFQzNpaL4RiL4mq9EVgUJPIQMWCvlw3G0w1CjXYcIG-BSVUdKxTJ-nET9bFyCwB2_dByO9r2C-jKzARF7AriZjx_pk4nCrXsqa5CQmpAUkWEc-dfHJ9wX73GWCpfF57_v_ES7Af2szUwfyD1crCX8fOSqjBUZSUnMozbxe4aYYiNhDFxL-2jMKdpABJE3vtt_geGts7n8Xf4EYbq7j3d_IMY4o8Q72577S1E3LPhYqvKvmKbTUvvnIMLzsO6OHpvMQd9_ppOuzIIivn9ZEfO3rb9O9j_duNb3MRYEYBN-0s24zFn151NBJlyD6Gq-MjdBvSKqeeKbw5Wfsj_VyMcrEbHNU3N-Fwk31llQYD9Y_KwimheCdKUAFPtoMQQev1yIcv8hHULCmqh0T1-CEH0F10XlSOydOFp_GyqRNIoG2OjudzyH2-uSleZsarzjYlowPA825PtI7w6EzQlva8d5pko8MVh5GhEP_jIa45zP_XmcMGT6AurPE-K2-xcw0R3fJdeI2HLvwr04_2EB8cEsQvXASU8ndzsHdI_YoX-pNX-DGKMx-6o7E8ijo1A4IQu6extYnY-yNU8Vt-z9xT3l2_ybVcDcwUj0ZQbN2JWPhpiuk8AtxJGzNnIrb4fD-PiJQXEveDyN7N9WsWB0Lg4So4GVp3wT2J2c8BxTsaHBlF99Acrgm9dCZjD_F51LbRK0LCxQjX-tsn4QuELhVAmkIDb_mIoHBFMG6pvRiLCwd_1KWrY31qzwPtEFzqzLUjtacn_BU8V3jK4bE2aqaNyrQaB0oaSFT5kgpAzuJ_iH7j8LpQz0TQLZ4tmiAQeKYiG_FGPh3KXElLE7DkhVTs0Oi8Q6tLs6smyQq4eF3hLlTnnZgSTePsTLxmDzrSw-KGeDyW2LkOZ4kbkxvCGN6seSt91qJ5eDDYhrv3-FjtktxugKzF7yfbej64mQyq1x75cGd6er7nAEMPG28MGLOx9idu5hHS8xpH3XiKhrSQQ3YC3jWQ8qY-EF-Q0TcdwfOj9V-oeOy0KZ-xAMn4XoAuVsYtm7dInk0l0GcUOHwbLnVpy8vKxcHhomXAYRvCzxOe9DPAf3WyCg16exynSJ7tVWJIJA2HKvQ30Pkd9jo8ww7nT6bHa-kCAU5sP0R60XwbaOD1Va5lezql219BRJKOoQC3Ce2b6YAtmFxpVQCXmavy8ISfNPYLP7iYDoR3ywadCKdxWiaVT52gr[.]&_di_=auf9n3qge530sjoc9a8mlfu4dl79cq7siqsd7tr5omthg3894hpg

Analysis

max time kernel
63s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qrco.de/n8mxa4i5VHuJk4PMwkLpvyNqgwLBQ0Sb/?zwphvtjquqnl/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGXHi3ygqqrREEgoSeza8UICjjze1whbSsXnwpzgE8gG5CszbXAjhO3FqKUWVXtpKX%3DUYRTAADY&_ei_=EM6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB-gBgO3tuO3UzGxLd8-XUq76ZMc933xI6KE-OcN9i_7_vZ1nKFQzNpaL4RiL4mq9EVgUJPIQMWCvlw3G0w1CjXYcIG-BSVUdKxTJ-nET9bFyCwB2_dByO9r2C-jKzARF7AriZjx_pk4nCrXsqa5CQmpAUkWEc-dfHJ9wX73GWCpfF57_v_ES7Af2szUwfyD1crCX8fOSqjBUZSUnMozbxe4aYYiNhDFxL-2jMKdpABJE3vtt_geGts7n8Xf4EYbq7j3d_IMY4o8Q72577S1E3LPhYqvKvmKbTUvvnIMLzsO6OHpvMQd9_ppOuzIIivn9ZEfO3rb9O9j_duNb3MRYEYBN-0s24zFn151NBJlyD6Gq-MjdBvSKqeeKbw5Wfsj_VyMcrEbHNU3N-Fwk31llQYD9Y_KwimheCdKUAFPtoMQQev1yIcv8hHULCmqh0T1-CEH0F10XlSOydOFp_GyqRNIoG2OjudzyH2-uSleZsarzjYlowPA825PtI7w6EzQlva8d5pko8MVh5GhEP_jIa45zP_XmcMGT6AurPE-K2-xcw0R3fJdeI2HLvwr04_2EB8cEsQvXASU8ndzsHdI_YoX-pNX-DGKMx-6o7E8ijo1A4IQu6extYnY-yNU8Vt-z9xT3l2_ybVcDcwUj0ZQbN2JWPhpiuk8AtxJGzNnIrb4fD-PiJQXEveDyN7N9WsWB0Lg4So4GVp3wT2J2c8BxTsaHBlF99Acrgm9dCZjD_F51LbRK0LCxQjX-tsn4QuELhVAmkIDb_mIoHBFMG6pvRiLCwd_1KWrY31qzwPtEFzqzLUjtacn_BU8V3jK4bE2aqaNyrQaB0oaSFT5kgpAzuJ_iH7j8LpQz0TQLZ4tmiAQeKYiG_FGPh3KXElLE7DkhVTs0Oi8Q6tLs6smyQq4eF3hLlTnnZgSTePsTLxmDzrSw-KGeDyW2LkOZ4kbkxvCGN6seSt91qJ5eDDYhrv3-FjtktxugKzF7yfbej64mQyq1x75cGd6er7nAEMPG28MGLOx9idu5hHS8xpH3XiKhrSQQ3YC3jWQ8qY-EF-Q0TcdwfOj9V-oeOy0KZ-xAMn4XoAuVsYtm7dInk0l0GcUOHwbLnVpy8vKxcHhomXAYRvCzxOe9DPAf3WyCg16exynSJ7tVWJIJA2HKvQ30Pkd9jo8ww7nT6bHa-kCAU5sP0R60XwbaOD1Va5lezql219BRJKOoQC3Ce2b6YAtmFxpVQCXmavy8ISfNPYLP7iYDoR3ywadCKdxWiaVT52gr.&_di_=auf9n3qge530sjoc9a8mlfu4dl79cq7siqsd7tr5omthg3894hpg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608594862512846"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe
Token: SeShutdownPrivilege	3668	chrome.exe
Token: SeCreatePagefilePrivilege	3668	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 2552	3668	chrome.exe	84
PID 3668 wrote to memory of 2552	3668	chrome.exe	84
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 4404	3668	chrome.exe	85
PID 3668 wrote to memory of 2656	3668	chrome.exe	86
PID 3668 wrote to memory of 2656	3668	chrome.exe	86
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87
PID 3668 wrote to memory of 4180	3668	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qrco.de/n8mxa4i5VHuJk4PMwkLpvyNqgwLBQ0Sb/?zwphvtjquqnl/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGXHi3ygqqrREEgoSeza8UICjjze1whbSsXnwpzgE8gG5CszbXAjhO3FqKUWVXtpKX%3DUYRTAADY&_ei_=EM6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB-gBgO3tuO3UzGxLd8-XUq76ZMc933xI6KE-OcN9i_7_vZ1nKFQzNpaL4RiL4mq9EVgUJPIQMWCvlw3G0w1CjXYcIG-BSVUdKxTJ-nET9bFyCwB2_dByO9r2C-jKzARF7AriZjx_pk4nCrXsqa5CQmpAUkWEc-dfHJ9wX73GWCpfF57_v_ES7Af2szUwfyD1crCX8fOSqjBUZSUnMozbxe4aYYiNhDFxL-2jMKdpABJE3vtt_geGts7n8Xf4EYbq7j3d_IMY4o8Q72577S1E3LPhYqvKvmKbTUvvnIMLzsO6OHpvMQd9_ppOuzIIivn9ZEfO3rb9O9j_duNb3MRYEYBN-0s24zFn151NBJlyD6Gq-MjdBvSKqeeKbw5Wfsj_VyMcrEbHNU3N-Fwk31llQYD9Y_KwimheCdKUAFPtoMQQev1yIcv8hHULCmqh0T1-CEH0F10XlSOydOFp_GyqRNIoG2OjudzyH2-uSleZsarzjYlowPA825PtI7w6EzQlva8d5pko8MVh5GhEP_jIa45zP_XmcMGT6AurPE-K2-xcw0R3fJdeI2HLvwr04_2EB8cEsQvXASU8ndzsHdI_YoX-pNX-DGKMx-6o7E8ijo1A4IQu6extYnY-yNU8Vt-z9xT3l2_ybVcDcwUj0ZQbN2JWPhpiuk8AtxJGzNnIrb4fD-PiJQXEveDyN7N9WsWB0Lg4So4GVp3wT2J2c8BxTsaHBlF99Acrgm9dCZjD_F51LbRK0LCxQjX-tsn4QuELhVAmkIDb_mIoHBFMG6pvRiLCwd_1KWrY31qzwPtEFzqzLUjtacn_BU8V3jK4bE2aqaNyrQaB0oaSFT5kgpAzuJ_iH7j8LpQz0TQLZ4tmiAQeKYiG_FGPh3KXElLE7DkhVTs0Oi8Q6tLs6smyQq4eF3hLlTnnZgSTePsTLxmDzrSw-KGeDyW2LkOZ4kbkxvCGN6seSt91qJ5eDDYhrv3-FjtktxugKzF7yfbej64mQyq1x75cGd6er7nAEMPG28MGLOx9idu5hHS8xpH3XiKhrSQQ3YC3jWQ8qY-EF-Q0TcdwfOj9V-oeOy0KZ-xAMn4XoAuVsYtm7dInk0l0GcUOHwbLnVpy8vKxcHhomXAYRvCzxOe9DPAf3WyCg16exynSJ7tVWJIJA2HKvQ30Pkd9jo8ww7nT6bHa-kCAU5sP0R60XwbaOD1Va5lezql219BRJKOoQC3Ce2b6YAtmFxpVQCXmavy8ISfNPYLP7iYDoR3ywadCKdxWiaVT52gr.&_di_=auf9n3qge530sjoc9a8mlfu4dl79cq7siqsd7tr5omthg3894hpg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99039ab58,0x7ff99039ab68,0x7ff99039ab78
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1912,i,16494577750936838812,16736777781743358414,131072 /prefetch:8
  2⤵
  PID:4280

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\99f06bdd-117e-4132-901b-7172ff7e8f3b.tmp

Filesize
91KB

MD5
72f26c8d22c29af14f7340190b6774c4

SHA1
8d666f0b14c495c89eee20cb12a12a970d7642e0

SHA256
4dff0d14bcd985942665964467dd1a105318ef5eb2e04d23f4525417e1e3de3d

SHA512
20d2eda95bb9509bbcd6c555db2272e3af7edb4fd6a9a3d5aba19a8516e3b67591bf5edb9376da520ec00e3485d43a65ce2b6768c592ef7759e0aff1e1ca41f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f50c3d8b86d5401a5da60674298d5f93

SHA1
1b021b9bd8dc437765cb890644d65fc1f854a43c

SHA256
eda1921152322080039e2958e99d5ef3b3f7a28365b2e2e1eecba1480469cafa

SHA512
3650385cfb9dbfb9fee70fac0710d6e4ad64384412705c66feeea2197be26d0a3eeaf82b608c5772c4ec2c1dacf4962967be0d55cee29d0fffbfac35232f26cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c89f9317e37ac0bc9658a0e8eb122b6d

SHA1
ad836b88c32dff5a729aca8d74e5e01f7e4f0211

SHA256
2d87204f2ed817eb9d2f92a92fb5f9b4ab5b8c6edcf865df5abe1b82dbfd03fb

SHA512
27c4740ae14ce76153f4559ee2c6f9c51395ffd79bb836fce240a1f6453ae9019f0009361810ef40e1b5f071461dd0ccaac6c72d58a6c8d47672cfcad733dd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b00df3507d11723662311cc1183f85a2

SHA1
6f76e43d70a02a484f42d7b2ea2571f3f5c92148

SHA256
adb835cab129884cb510644a2a956b7cb87453dd276cec0281cd425e3666f0dc

SHA512
d08236bceab76398c693fb0542dea43a0a26bd3a2088d6b197fd6c5b468b81d364b84dba6140e41b71ab58751f2ab9eeca58b4e7e918153204cd1395dcc2fe80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8935afcf92355b27003828dfcb35ef8e

SHA1
83ecb27d77f02790bca7fac2d83a8cad85c8066d

SHA256
42f0043a1cb679a0a366d04aaf1439c404a32023e9d92ad575828b4719e84b01

SHA512
d9f8bc0abdcadab68ce3497e0b1dfd1c5d0ecdaab6cb0d8ee00d0593f78c2462899d63769d7335150962051831dd89817e380bbbcf4399aa5ab408f1fcd80d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
898b7dee3447d21e24d6615d72c9dc11

SHA1
6df0e73e851a75a896fb051de61512a7b853c3c2

SHA256
afc68d46df1c8fc640133b901ea0a469f9caa9471b30081bfbd279a07d0a0ee2

SHA512
fb2d2049692419a0b1a38eb3923894037c62a60cde3b5f6e8fbc8934566a42d5dcee2c968b919ee7b2df47bd7fbd55697521128fb83d09436387e40c3ab3e01f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e2de.TMP

Filesize
88KB

MD5
a43da0d94c2be005acfeb26419fb1163

SHA1
d5153426aecf4a476283c944e11cb6dfb61a716b

SHA256
40cf246d2d37ee52228e61903901eb4e9e305e03c39da73780e83f639ae71f14

SHA512
a2a6e1c85789628d205e8a3dcb59ed1e7783fba7be94e03b61d0f2b9b406288b8f50ce532ed36a6d0943db2fb72ee45cd64565c25c875b788b4b2b02789e0446

Download Submit