3afb601c88f3d5751f57c6478cb2af1211dc02d3b7f76d31936722f5d7c385f2

Resubmissions

23-05-2024 02:14

240523-cn6lraab4s 8

23-05-2024 01:59

240523-cewp7ahh34 3

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eac Forcer.exe
Size

105KB
MD5

9d38c8fbe7254ab161071e3900da36ad
SHA1

0da5905b5077f23a4bc44570f0a1a18bed45391d
SHA256

3afb601c88f3d5751f57c6478cb2af1211dc02d3b7f76d31936722f5d7c385f2
SHA512

de9d5b8bdbaf015bdca126155a351950c382d9767b90b9e263f71582ed9935179d83456f4628145c3a45ae1533db7856617c14cf7a47303ef9a4a6aed3ec002d
SSDEEP

768:NeHspXXVl6Wqfccyk4lmw12xAaR8kJBzvPzgI75Dj6zAipK:NeHsllqfcDlL1KR8CBzvbH75Dy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609032768992470"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

4476 chrome.exe
4476 chrome.exe
4476 chrome.exe
4476 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4476 wrote to memory of 696	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 696	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4132	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 3376	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 3376	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe
PID 4476 wrote to memory of 4464	4476	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Eac Forcer.exe
"C:\Users\Admin\AppData\Local\Temp\Eac Forcer.exe"
1⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd854bab58,0x7ffd854bab68,0x7ffd854bab78
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:2
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2348 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3720 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4768 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1732 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2768 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5036 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3124 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5220 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:2424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:8
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1628 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5704 --field-trial-handle=1996,i,7051655285052120803,11735432599713345561,131072 /prefetch:1
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3744

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
d89196271aceab40a43e3776fe7fdf6c

SHA1
5c97836367278c4143157fc948133dcde9a6588e

SHA256
02dc35d116b36c512ee8580a8b5307278e7d574ca927f8f7ac7c9c273a003db0

SHA512
7a1b172e88cf9a051debc75534b887494f1ab7671b080cb8a43ccdfcff07b8e345e3d104fbf264948dca3678d52a93def790db62fd5638d0aad3f76550e763cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
bcd8725edda3510fc86371c6d9efe8b2

SHA1
81c64a165f16423d96775fbb4651cfc04191eb7a

SHA256
f26cee83a0ef3dbcdf268608ff9faee01d931153435b35e8783f42bbf7c7d256

SHA512
615be23ae1f7dcac188b529eae04696d8dc554c7e43fa7019fc33a12e893d01e8f5caa2c6b376bd00fb7317bf0e3d16678353bb2c4ba0f3e4cd4ee22bcd94e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
c6360731daaab222898d24056e411d86

SHA1
8a1966c4ad47223d1f0787ce94b8acdaa3f49f80

SHA256
2d58bac6c3201e51d36751429b851ff160b4a54dfc67031bdccedda6e82e64d3

SHA512
dc874e4b1fe1d1d370ff8913a7c927629ec532d3c0453a8f0ddb88bf6d594903fefd2d4893e38e781f72f4e2631b232a7d66b919d2ac98c8ac39f75d5ef25f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
a7d7c0f93f37e216b4c98c947403c52d

SHA1
37c0acfedd2646a7ad79b9310fd52a19246199fb

SHA256
363539a52af930bd475b45d4451b99691df0d5c135c102e7c4e98196ab0244ba

SHA512
da75d2ceca9136e465b24645c62ea35aba01918d06b21e75ddfb221dbe4e918ee669811307606fb55172c5134d4c1250c0f64ef97454be8527787a6bb8258774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
d6479bd45d1bd6c9ddeb602781409e28

SHA1
095aa977eb940f6735e3e3cbc94a2e32b35f9032

SHA256
b3cc56b5b6328f35df3bd79ef07cc3f84b639d123339d9b3d17fcba67d67cd71

SHA512
306d0446487e3883b4abcac7d28f1b4d6f9a170d61fe4c29258b818995f31775e579ba42d8723f4c63781fc5630a6ef0f949d1b662df75e5b2b730fec209ef03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
b487f116c4aec5eeeea4cceb6d6269a0

SHA1
58c62d978c43e47664ee8426df802cc13f46b0d6

SHA256
8c9af3e20e983ac607925840422c85bd553c589a6f85ab81fd31f106a8088df4

SHA512
4e9b9ada49e9f53838d83cab1a44b7209068a90586ad51638d85b44cffc7bce6aab54f25c8aa9c138270492573d45df7bdc7bb6b8c65c0be2bfa17da63aa7647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e1f647db4b45e686a2f7a252905770d7

SHA1
1c3ec6baf22b031a864f83a8db452447406a85b9

SHA256
8c106cc9bc8c0f88337dd17c8c224b980db85946611e135c32767e45567e77ac

SHA512
14cadb6a317fe8f18f583207e02b04dd8d0482ad91f69001f219603d1634e29f73fb0c8a97c56e72c22f398b3ac6a00355408fdcf0259a37f769640b890b2508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d9b30da5330c3a40a740eb2d400742cc

SHA1
62e0490bc08e059fef1b4db76d1d2185ac61845e

SHA256
f8dc5cc788a6f240835c9715673e4c9af3a17de0d52f51480819de1f2daa5225

SHA512
7f2c8df15f03a9b894a01894befdd2d3db4f16aa7e4837a06684500ca251b567390c24809969a546322ea9e1d1d2973c425ce01ddee0d58894f3a5d954683662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4c7999ec3eb3d85d506996c5965f24c6

SHA1
e3b0a404da0563fad7c8cdf1f05fc8a016949047

SHA256
ed30d7c25e2efd85c3e5f1284844ff67beaf62dbd54cfe4f96524a389d796f56

SHA512
c4049f47dcb8d0f78f4a30a998456449696d486ac3eeb41d7a924679dd4066e17dfffe44a9ccd652c1639d39c2c712cf1f6d1e5c8d13f3314e5ec045097d412f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ef58d2fb6a0a75771bb2bd14c2ad8a3b

SHA1
c9121f3a87e0e0dd2c663aa94e880501147b85d2

SHA256
17cd8b83217c7e4e7bcfa15a419b202c127af22b1770bdb40f2dab25542c264e

SHA512
f5cea54bce6bd98ae76cd4d9b213592a63752a5d89dd77290f3eb8df9a5ff32c27c27b4a38cc57d7bfee93cd13519fd04fa9bf25307cfa6559139ca694ccc4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
c515280103813d9ab0cd394ead00425e

SHA1
9f99b43636c90fc00da658945cfd864219aff58c

SHA256
d61b8b71c2e2203a9a58bbeb2dd07bead0617acc788d8d03ebf2d6d692270df9

SHA512
0998e69e44039703f1d5682b1d593c259168630f5cdd789f39176be2db963c4bf2b039fb026b5f1a527656bb3310df972985a84bbf618ed43a20e61625efe0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
0b545494c150be4c10c68b31bb0b902a

SHA1
6423537cf937b0375028e32fb5e916a53e11ba76

SHA256
afa6128b823a2b1b03164aace1783813806ea4b6e7baa3a0fb08a5996ed4b9dd

SHA512
09d959e8c49b9aa3e8f401f2ec8b538e1351c6180948e270198b487c29296bc078e6a4124dec98d20c3d9642ebacb80b434f8e8c14c90e6790962f9c74e80072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
302KB

MD5
aaea315dcde95fa080cce31903379e61

SHA1
83f7614f3ce3241086d0ac361bce6996fbeea7bd

SHA256
fae84787b60a063dfc2e11c97bc691f046d74cbe8ffd426a5665fbbad1c4d047

SHA512
a99e5b3102e04c58b830722d997342fa70947de136d1ad70d882d4dc7e04d748173254efb4683451419f4ce129029891ef21d0b3ebdadc74f75df2dcb474c44b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
8b63b5398aa85dfbbd86eaab41fd37ed

SHA1
9be455d25c7bd27eec22c3b07e87462f0a04e49c

SHA256
7dad3f03dea9c9efe48921b639725da9a6ba484a710599786913aca44a153c4b

SHA512
b96877a52cf7b5c06c349e2b75bff0489496ade7c34b4b3b9726a5cb1a583069f33a4147aeed993658c9aa0d2a1deea0695782ad31b62714a4a3f43c4f38c308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
f34a1f5f0cb31ba5127d59cccc8a4beb

SHA1
908bb902cd20b8c4ec2a33ff28d922ba93b38444

SHA256
481502f15b22532c424e0da177c46f6fd47a9d15350ff054d888a1c3e3ed75d1

SHA512
ef8e026715ce96f5ef549c7c138b32f13e2955b1353864f66833f11d1fb58b66aeac70713ea3c01e30fe37dd3ee4f0cbfe570228f37847f95ad7b5ff35672a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
3cfeb0c823b5ace6ef06d7f21b77f29d

SHA1
d35ad6d75893dde2dae56603529d2971df5e45e7

SHA256
f7587f116e2ca685cb31cf8feed361fc48bcd81b12a14cbcc78e78dfb3bcdc35

SHA512
cf321865aa34183c5b515adcadd5b96ddd6f8b0d2442a89b7ec87d0d56e994bd34ce18569b4dcfc3306075395114587b11f04b6feca06aaac15384a91321d020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58acc5.TMP
Filesize
88KB

MD5
38438cf7576c0a2a9caec236129ff5ad

SHA1
f45647b6a031c7b87749b242c180bc47e72bc90d

SHA256
586e697d17636fcbf2128d95c622f8391944b8efeff28cd846455b1e156cde77

SHA512
9df4ff548cf6a1ce07cd44d4ee3bfbd8342434a8b4a5ab692887309c83dc9428f6138da4e0e1b8f058e56bcf260f3f61ec266f373c4ad6185597765f6945f15c

Download Submit
\??\pipe\crashpad_4476_LCEGYXJSWOHRMWOL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/412-0-0x00007FF7BA090000-0x00007FF7BA0C0000-memory.dmp

Filesize
192KB

Download