4fd5453390d3915c066b008dfa65ffb47d3922c124b4d5c098324f95f8a934fa

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 23:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

incognito.zip
Size

18.8MB
MD5

f24aee225a6cea3616dd54cb23f52338
SHA1

756e3e192ea0d8849fd293a22f5c4f8cfbb12ffd
SHA256

4fd5453390d3915c066b008dfa65ffb47d3922c124b4d5c098324f95f8a934fa
SHA512

a80dd7d1eb112b71103ae5119a5df98e70456b1804e48109d9f56a466a58b5ed3210b3d13851ebcf0843ec63f57989eaa9e97e7aebfcac5e6f739b0382cd4208
SSDEEP

393216:1MuJKZPnvYX/wAeuG2Vi8rVqwqo6VUmFkIUMBbl9xu9aOQ:1sZAwAeuG1AqwzimIzBZ9

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613246830917052"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4000	chrome.exe
4000	chrome.exe
4552	taskmgr.exe
4552	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4552	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4552	taskmgr.exe
Token: SeSystemProfilePrivilege	4552	taskmgr.exe
Token: SeCreateGlobalPrivilege	4552	taskmgr.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe
4552	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 4508	4000	chrome.exe	101
PID 4000 wrote to memory of 4508	4000	chrome.exe	101
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 2844	4000	chrome.exe	102
PID 4000 wrote to memory of 4364	4000	chrome.exe	103
PID 4000 wrote to memory of 4364	4000	chrome.exe	103
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104
PID 4000 wrote to memory of 1688	4000	chrome.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\incognito.zip
1⤵
PID:3080

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff45aeab58,0x7fff45aeab68,0x7fff45aeab78
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2312 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4168 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1996,i,3599430177092207604,9393323855081950161,131072 /prefetch:8
  2⤵
  PID:1720

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
95cf89beed114c9374b0ab840a9eee7f

SHA1
92ccb1926c2415315dc03a039a2e3efb697adb5b

SHA256
8235f93317c716c952d979b47f02d27ce704bb8d4d17d285a6b651fe21a5af67

SHA512
1ff640880fae93acdc97c0534162f071c11646fa4f742551b2e74d3dabbb6126263edf00d350a3938eaa6aecb1f8e40c55799261c7269c1d296fe98c84a99a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
90984a1a7e977344d69366ab673b14c0

SHA1
81243f91d4f2cbc3b7d88f63d242f73a212122d7

SHA256
7aea57e7ae53f4c76c29c86434a2a402ec96db0978f1c0ae9428d2fe0065b15a

SHA512
3e1f8a175c0c2c389e6a094b8b91694dcb7d1b9156ab97b20433ac1917cadbad830274443c1a7e727db6b4455bc6931ea211e6876dd4bdf8dc3301043de8a7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d47e487d4a1c0a0dac725efa45427390

SHA1
554decd9b42c65a24304215537e882cab85b9b51

SHA256
8ab7fe57060006a7b645dd7e6eb5e21e9889720ccfa548ebb3862e9adb88accd

SHA512
f4388bbecaaaf66958d4babfc0c7d01ce9b6178f917a891e074b1bcf7e51269d8251432474328986481b7599379407307c2374972105dea737304d3ea9b3e5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
f84bac1ab7f96e8a04a923dcb2e54f03

SHA1
0ee353756588b81b4ca4928d05bafe920dee9836

SHA256
e5fe62d44ae82e870314388a1f84b3ee6e191a6d7558140af9cd2922d4aa2c94

SHA512
c4d244281b5ac76cd4a30c870cc1920fffcd7b6516f1493fa97d0825ede410a765c3fa876e014c5820cb36d5d2c106b0091f0f6cbadec08085d3e64123f378d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
87d286a91f50d4fd8fc567743218749e

SHA1
3da331685971f5ae1dfde054400fc256ee8e017c

SHA256
294123ef323ca2fc563c4b8d55ce41c248443e5cd9a11108d6f3d2474afe9781

SHA512
36f0498accc172cdaab94592d09edc54f52ce799923fbb45c44f24a1ebb58f2beb1342b66db73e892f686087ffa70e88810e166cd482df689e9dc6697af404e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
05465826177dd321f596d1058e92fe5a

SHA1
b25e13a5ad562d0154839f2ee60d6dae11ca9dee

SHA256
8498ef94108459badb992940a079593bd8317fa9f89744383cbf031978e18b50

SHA512
77fba96ca0e6d4331682cfd88fbac4a3dc8b9310712b898f8b6377be5201b40d7e34eab1c8baee8422c4118cebe124fc439cfff0b7be6c61c5aaed4506d4155f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
516827ed224de9ef5d86cfbb5e23775d

SHA1
c6a6943686f332bb389d8f870b2a0cac0354fc10

SHA256
4d0b6d9a43e87f2e7436fb893a9223c9885d91c9c714fd323b60daf24fed551b

SHA512
901aa7162a10a24ddc0aae502680910e3bd4d2e29ee21f00a439db00f1da8734709538b7e92f490f5c411e7ea2e25434f30d76a40cfedd593d25770a92da5a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
eda563f40d0a4987839e5393433bfd7a

SHA1
929612c195c7cb7c9ae1d17f831bf06e031efb37

SHA256
c3546c82be0bbdc88a13b2ae8cf8872db6db855a1f45f2c3e68bbad4f4038897

SHA512
e29cb28ba280e9769caed032e8ff43d3416c4870edb5ed200d9633a3ded141c0fcd10b8ab4d7686145a5d10573f5c515d5fe08391d120741ae24386a8195ec79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e8a6.TMP

Filesize
88KB

MD5
9d734918496b25a7e6ade96ddbaffdda

SHA1
48ae423eeaedac450ab8df31c9fc2bcd4a8cc527

SHA256
1231c4ae4bb199b5f6b858752de229352a14c085363ff0276b196e92781c7bcc

SHA512
cf0c2b7a0e39e5273d897027aa453bc75f44c7f901fd4fd7e9bd15950e7144c838f75738bf49d96692678aeffabb39e50b9fe2ba4443b98a3d971b17a870acc3

Download Submit
memory/4552-10-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-9-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-8-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-12-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-11-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-0-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-2-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-6-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-7-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download
memory/4552-1-0x00000269AA110000-0x00000269AA111000-memory.dmp

Filesize
4KB

Download