hxxp://movierulz[.]com[.]de

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://movierulz.com.de

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608751015915184"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 4500	2400	chrome.exe	82
PID 2400 wrote to memory of 4500	2400	chrome.exe	82
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 1700	2400	chrome.exe	83
PID 2400 wrote to memory of 3948	2400	chrome.exe	84
PID 2400 wrote to memory of 3948	2400	chrome.exe	84
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85
PID 2400 wrote to memory of 628	2400	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://movierulz.com.de
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc0b34ab58,0x7ffc0b34ab68,0x7ffc0b34ab78
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4552 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3008 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1544 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4932 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4780 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5256 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2984 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4840 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5404 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5744 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2724 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4980 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 --field-trial-handle=1600,i,2623546236609914601,3907781664615168903,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
67fd5f754f26534e4fa50c85a0b0d77f

SHA1
097d9adfbdf61fc02cf3bb1065c7f955e961894f

SHA256
2e650d8876d1442e11c8158aa88a571da760f9d9698969feed46d928dc29738e

SHA512
5497d5ae0cd4275e76186cb3b64c5df90c75cc000690b7f7ac3240878c7be7fdbefd84eb1d3a4047e16071321dca8505641dceb58deaed906a9f10a0c84055ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fa2a948c903178114b56777001e105ca

SHA1
5870a19ca6d827599e99b6f7849e4ae4ecd3529a

SHA256
a0e374bf02b41486c442320c05542211a2262bba29e9c212ab28a44759773408

SHA512
c2d545088ad5fb896a8abdeac9b8afdb1e3e0f3a411ea943788cb7e6b2fd92118f9e3fb17ba0afebee3288d82cd6782f773dce5ff72c7a88503cdf94c5dd5753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2a5380eb872e6c3fc4ab78ce7e1fa198

SHA1
a4fc373e1b0c257af4b7c4f4829831f1645cb428

SHA256
7bae01f704323dd384b6721626b4ab664f05845d0fdddfeb944dc2e9c1ad69b6

SHA512
e8d3de4ac4393c56425a45f04c2b4158a0bb18e13d6b36694b5c5e91c91f8812d800c04bc34ac9c271a2d39955897636206735a5b48be2e7878568841dd2ab98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2494a10d2e4e91a9649705b4bae00b4

SHA1
ef5fdbe8a915b6d967659c2ad1708b6514221721

SHA256
0b060716abb7b7bf9246dea948091cbbe756b49e5a44c01a583308ada640c0c6

SHA512
37ca90e9a74b76044e228b371e2c7c1a52b31f82763084e44fc81ed3c22eae0c6a1629b1a6af604fbdae61c0480cecd77ac078213f88ece8ae3580e3abb7129d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
795c8986632b0b5b491c63ca4830965d

SHA1
4206b3277e6a35a0977287315b9a5628edc04cf0

SHA256
3b89167dfe4cf9fcc8d919ad47d13518082f89e93afe41f98ed51974d05e4ccb

SHA512
671135f46d19eaf1213dedd270f0c91142f3bc4bf62b0ce2cf6a79386f8aaaaec7d658c1f01c110f54b9e9559e42a86b00096ec1f9b656340c3a829ea67e148a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d6dd9d28a906d0ae379147e54dec984

SHA1
fcf82c4aebcdacb8c0f448a1abd0b0c82d46862c

SHA256
b04a224f6f4d8121bf05ee5a7f5f8e19548b0402a7a4a9644ded43f4755ae732

SHA512
ef1466246c151a191a1a9186341738c236b85809b82e5171808b666ddfd4752a5eaf21f7f20267316775745b06c0c33c9da6b109c14496f5a6c23c2270a9e26a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d8a0c5babd3d9f4f8fdf2c2dcf6344d

SHA1
5914413cafd6ecb2a04a25e33c16a8e740f9760e

SHA256
0e9c941ac158f0424c222a5bc015d07d52fdc72f6594fee26fc9df4115adf136

SHA512
3fdac60b59dc693b7c47ca7672897b215d7d6f7905a32c583cdf359564300adcb0489b05833b408d2aebb4f94572815dc9bb90b07a023d098fab725d3b68b58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8644ebbec415656b4d02bbaec7eeee70

SHA1
1357b84ed37d17c1858730874bc082085efea38e

SHA256
e916108c0fcc714d741ca7bad6a08c0e4ceec78a6bd1fd306e48e22a0cc4cabd

SHA512
1b496bdfcaa625bc333943d33670d838b938b7ad42592ed0cddd61ed41f1303b59449a89d4a407588015c46d8719fc6ba1f00811d11023970b2f54348605a625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
43f3be18a28c24daf813881364088907

SHA1
38a471eba8f96d59c7bc070644fcbfee94244121

SHA256
776fcd95ce7afdd0dec0c9807bdcd920049ebbb9102d7970c5ef8a2838221dd5

SHA512
b2509b38a66ed1e339d47a429b6c07dd56a2e6b0693c239ab253e3914c85c56eb94ba2ca9ae00c759e4c2e5165f0a7425733a860a5dee1ae74f871dc5caa2a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cee86c1187ecb6d5beda4a692c22733f

SHA1
4586970e31b758914febe43dfcbeeddb801a58aa

SHA256
835650f95ccdf0e5aa6a934fc9b2bc7f92c3e1f9d9e8540ed3ea8887ab7a95be

SHA512
6c55d5f5b5e459ea76f6741310a93a4218955088b8bc7e49a1221d3cc9369d246552714608c339ea04e71f6262dba1dfb2751c2e06b08de49914896a8ebda637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d338b982e6e458f0c4e84cf28045363

SHA1
c9390975fed3cdd2cde21005a1d8c9f345f6148e

SHA256
7924465fa026a4daf9fb99912f3e4373aaeca6290ba209e2e6a585228ca94c2c

SHA512
abbe539945329b90dcf86181d1384892b2f7843b2fc8145e2befc075145a2bf45474f322ffaa21a7b74252670fdbd9a5a77053ae54e221263c1ce49a91f2d052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ccd6782c6b89192e47f0a2995dfaeed0

SHA1
ee1c6fab2b268f1aeb938de775b39c4090db809d

SHA256
ac5515e5c9bd8a51d313db61bb52b2b8160a17c437f3516fae35b61cd40880e8

SHA512
689cb7c8e12124b9eeef884f9a5fe1a1e97fb6000658011c43002af5bd79a3082afebd82413f8825b36f383beafd5f5eda09de1e10de33da38bf9f8828156ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55044d93469bff7902040d0ff50610e4

SHA1
9abe8eb2cb90fd21da7f715163a81d90c97d23bf

SHA256
403d7d110e8c19c0b1d8d96842935d0cf27af6563513ce8398e78c4de735d68d

SHA512
1f602a0a6d2fb080f47e6d9a585bb20cd5aab312cfdebafa91a8c819466da19d17ef2fb3eba4a1e50af8185093f701f6a0b36be28d3673bd2673baf6fb06a9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ae2c6cecdd035e1dd2e7bd03851d0f4d

SHA1
1267438de24c1bcdce139f559142dd651504fa75

SHA256
85c7a4482d052ae9be23f9e796faa62ec827a974a14849cf40074c76dab060db

SHA512
d6e4e227b6a2a3de60d67c559e4c0921c4bebed87adaf4cd24eb15834d5a2ab4b365028810103c0bd26ba75e47974355cefdf87f0bd6c82b0642a5a3c0a13814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
29cc856d496618ceff831f5e2ee64506

SHA1
6baf40fb247c3b9a3e09acf6c4eab0b36bb28628

SHA256
25ef545bc75fa7bcc1949a9b961c6c63015f39afae41b951537056a3b75d3844

SHA512
291c42a56922bde40b233114ca83cb7a1d7887050e64bb3c07476e96a73e6ad40e0c5f9bc0cbef80730824583a814f776d7c7fd478fe20dcff983cef597fe9f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
9757727fa3df03aa759030a5fe061f73

SHA1
77c682bfd365c39ff6367d7ba723c8c9614b1362

SHA256
e63e78e1948683df8ae8be930402d225cf0e71b7e6d5745929511e88420fb723

SHA512
ae7130cf5b1dab5a5f3517d79df604dfcbbd41adcc97efc6bd3af0f04f594fa60ad6a4519b4c55134249179729f3aa82edb662c2a3412454acb0c278339d3429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
e62ac5d7e25734a5970b08cf1cee2d27

SHA1
fb771fc8b547173374584b43524978b873fc4d86

SHA256
7b660601b262e809d9142ad8e610e4cb5cdd965bca776debaf40df13ed26d6b5

SHA512
df104f0b654b3cebaf184138f6de699d02ce57a143282adc42c088133c97910eeb46a4c8f64882385b0440d8ebe96e5e5a511c0a0dabd390e5c0e2c56ecab150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
0c08bb4617101e15ba25687d935d238b

SHA1
ec6d85e4bf12ab773d20512136772e57c785fdab

SHA256
f70ea8a5bfeda96e88c069ba9f702cba316fa73f3a6b13965e988a28a4d27dd5

SHA512
74fa2ffaa07104f956dbeeba07306b28c90735d491014e11e5b4067a49b7209406b56e7f5651914498ca8da75e6f260ec12ce440233d80afbefd013e6bcc1aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580606.TMP

Filesize
88KB

MD5
25715d2594d70cde21eae5f6768bb860

SHA1
681abec427657d80c97a97fad8dc2e2e6e9a557c

SHA256
29822610bc5fa79574aa1934d8cc3cf3cdd471008d89fa119a254282480c3767

SHA512
85a8c96cb0de410a6c14b0df95f1a4842c5cd29f2b5ecf727379ae24f42243107a376a0ee484f836b4a4d1d72c0c09a536a7aefb4aa957b52d5f0f9572d3099f

Download Submit