4fd5453390d3915c066b008dfa65ffb47d3922c124b4d5c098324f95f8a934fa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

incognito.zip
Size

18.8MB
MD5

f24aee225a6cea3616dd54cb23f52338
SHA1

756e3e192ea0d8849fd293a22f5c4f8cfbb12ffd
SHA256

4fd5453390d3915c066b008dfa65ffb47d3922c124b4d5c098324f95f8a934fa
SHA512

a80dd7d1eb112b71103ae5119a5df98e70456b1804e48109d9f56a466a58b5ed3210b3d13851ebcf0843ec63f57989eaa9e97e7aebfcac5e6f739b0382cd4208
SSDEEP

393216:1MuJKZPnvYX/wAeuG2Vi8rVqwqo6VUmFkIUMBbl9xu9aOQ:1sZAwAeuG1AqwzimIzBZ9

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
58	discord.com
59	discord.com
60	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613251813439980"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{9515D051-5880-4123-9763-DB4B03698D01}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 3224	3632	chrome.exe	92
PID 3632 wrote to memory of 3224	3632	chrome.exe	92
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3244	3632	chrome.exe	93
PID 3632 wrote to memory of 3596	3632	chrome.exe	94
PID 3632 wrote to memory of 3596	3632	chrome.exe	94
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95
PID 3632 wrote to memory of 2540	3632	chrome.exe	95

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\incognito.zip
1⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadf14ab58,0x7ffadf14ab68,0x7ffadf14ab78
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4608 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3244 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3100 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3916 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3280 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3096 --field-trial-handle=1928,i,5025568908739705843,17227255526792863482,131072 /prefetch:1
  2⤵
  PID:740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
107KB

MD5
9527449f04670b12c4fad09e69bc84d5

SHA1
c2aaf72dc006b2f1fd385034130cea117d7213b0

SHA256
e0c62faae58a8f159db7f3bfa843ddd8de166751b0c55d0a580a7bacd1713629

SHA512
4f337f2743ba7b08ffe512cad86c3a71a282c66d4904ed901abb52a011f7a42b33ec3bd4e6e6672815f9dcd5e16ef19b0acba04e658c07fc1223488024207976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
198KB

MD5
94ae6ed6f74c47a8245362579e9f96d0

SHA1
57e624ceb254d7e4d2fd5becfed58ce4e8a183fc

SHA256
56e7ff59b0f757bc3258732d81300a8fe7bd83aaae39fe822816502659bad34c

SHA512
67529c71956f23161dcbc684cc03cfb3e167dbdf6610c5be9d74918f9ab773fd56521cd29462eb9037edbd7e0164f07534da89245eb4ac340af16000667084de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
21KB

MD5
3a20069ab03ebaf8afadf9b0bee89391

SHA1
308f1ac1983b3352221c205ea6fffbaece1e4f07

SHA256
865ab12218ce087251b3b62a4f8469d792d1beff59321cb0a37a2cf74fe118ef

SHA512
9dde09f34cef94c227dd11277ca1f6b7c25c72901e65c18690ed3a6827bbe74e0ae3192ab01df08af6935a70dee5468060be47fa13891abe2c2dab8502055259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
519554d1a23d01f173af96bbf4a5394d

SHA1
6e098d8c328e498165c5fce4086518379520ab9b

SHA256
6b8a0aa18c0e38e8c845000e0277564c135182b85e16ae32236ad042abe5480d

SHA512
e6a66f51f1b2f01ecc0c0d8eb965dfa30b2180d53011241175d93508c64c29d0d1628fe5d5d33c32edfd2602ffc5bef3f2ec8982e6d0024339328c30eb0b2ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87c9cbddd27a3e74b26354721c5f5d58

SHA1
1eacc015464837eeb1fa1a7b85690187fcb8d94f

SHA256
0961cbb8839966b9a85b90958566598a17d76e343ef357868816a560e0b37040

SHA512
ff230b25b5816774be510dad4457e67c8babac9479793d5bf9fbb5aad0db9d002fe8afe3ab0f2a28ca81c12794fe514cf89fc44bafa0ab7f76b7b4b8d811fa21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a1c0740ef35c6dfca95d98a81c26cb0f

SHA1
961ba696b169e0db934bf228fb25c39a823b88fa

SHA256
2c19ed1e0ab3913c413f809a856ca1a6fb210196218eefc96ac9a7b75965ffd0

SHA512
90ac7ce256b3ae8b8022d5b91e01ecf2e6a048747c2e450faa0210aa2be08dde9917cc4921dce79c41861317ab40930236a8a80d227c74c456e8353c9f98e8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
96c1348830fe5949332303c984d735b5

SHA1
7b5c5a99436b4d9ecbd55382b57163513cc74d84

SHA256
86c97c827e432eee114129db1d9125ce910415b83d08165839286d448e61ff69

SHA512
4365f7f21d0b15ab62e84f610aa036a8b8a6853488d15a40f5459c9919c9d92f64a45c2d88fbc7e4754ed768f7d53fe9c53b56d5aeebb75a92d43177076f7a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
603deec57dd499a619cfb9c3f4735f30

SHA1
e1cdf89f5893df485c990d6a97745d1df16a1a27

SHA256
34f20336b01a4335139660c544db2abbda5f61c0da86d0dea7cfda851f9e3a2e

SHA512
f6d841d8a42c6950c935324973fea1b54ee5e63e67f85e23a424ca03b8a266a859d3ac4af024ba3f4b88d66dc738686b62e3a8cfe87d289892be8fe3cc2e3e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8dd31587b391388cde7d9ef61d47f920

SHA1
33f888c3157c66363f54dc85c6e6b7f59dbdab7f

SHA256
23778044125b52a4d426b4708fadd5aefaa3a65f292cedf713924c186c60df66

SHA512
efcf3a930de1b318fedccb4ca90f6e07c43b6245a5a47b9707bb24b33a93d89edbc58f881035431f3b61eb0bec8fbec47dbd6c88e9504793bca4066d14f2df11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d950c9091bf39531238f3933643708c

SHA1
d81bb7345e4d601bda3ebd568ef5597de3b6578d

SHA256
deb00bf4505d8e150655b9175d72fdcfb3a48ef6b6a0108217e70a852b5fcab4

SHA512
3cb2d321644a5bd25b32791731c92588374b84a6ec71fad3ae8870b5c2856b7ec6454007d560551b5e9f2ed09fc59438183673c0358f9b64dd4bf0d59889ae9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f7656e955e3a6ec877362ef3e0143cdd

SHA1
7947b54c9462465ae3b5cd5ab0c2129d806f8be6

SHA256
1fadd2a22b87897e50af77e59aea44daa52a7ba452709f61de597b23fba8b05a

SHA512
efd78ec69664376e7c0b120abc04d57099108b0e7e689373a3762f7428e38983b81b712921ff7803fa31d4739708beb89088fe82833583f1a9ecb3675c52d74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1f0839a8b0b8ce572303ff2069d6a170

SHA1
451198e88f3c9ee64f17501f86a726139ce9ce05

SHA256
9f14b3d396aceb0e04b008b3c7f71451afdcb667fc0051da21ceb23852dbe819

SHA512
650f40de14bc4edf96c577e3e617f746231a363a32a0a295526accafb14e6415173292c648e4ca67b93b8379986315c59e583d4b94aff49d41ecdbd0d83260fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d8632a7aa6f9e2eba693eddfbabf371c

SHA1
355317ce4711823e95ca8c32084662474960a223

SHA256
f4ab5b6f92aa7273f6da3afacc988d672f65e68d1e19ec0c105b30c1ebe423ba

SHA512
434e5d7493c9243b11574ef92927b47a262df14bdab7ac8f27e7ced942a434788dbaf950834496f50b7b212264d345ae90b6a7bd5633a7daa3b39d82bdc59251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04b094bab12f2958b517c84e5be8b2f6

SHA1
48dc9d3defef767d48881eae622555698dbe1aa1

SHA256
15188bd519117c3869b0e47afcac650153c15d49d14416f9cc0a66f59222e1ca

SHA512
b967c9f02b967df62f8ea54f79115fd05865e7128f2b7ee39f1bd982a3562b1c93698c5f3b5f31d6715235fe86c800b8da87a40a2bf86cdceaa89e9c17899533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e4e6a0bfa94ec53085914d5e29f6fdfb

SHA1
f6fef81a5f39773159ddae657dbdf58314e24c6e

SHA256
c90565f173937ddcea78790898e796ae532bf8bc779b2af5e394dd4ccd1498cb

SHA512
fe3acaf17f2369df10ff41132f8ccb1fda366ec9b6fa4ac8b5ef2f61e9c6da60c0a7891cd782dda446363870a350c245fc561c197f91fae7d7893f1e25269ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
793f0dbc801984f6d4971d244a130ff6

SHA1
6b0548cf3bbc2ba573e500d432ba63c5482478a8

SHA256
a9735947653745e435a927a9eec11253fa436268683d0fb775e71d558956eacf

SHA512
bace9de613ae16f0b9451e30a46eccbd342b80d525ef987f62df8ea5a8055c29b0b6a06cba6724e3b550588fc91d8a7e81d7c73758c1a1338bc5313b092c9e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f62ff84d5fc088ca90173eeae91d7924

SHA1
1bf1105f9ad16477c3b46554ec8b10de402f86ba

SHA256
cae72806f73b25bd3689036f02f0a0d4be5f2349b2d9af67b22c0f23aff97a07

SHA512
9442e7703e8a04b4f6a9f402ca02de002d20035912fa83bfc79c0a9dfb8b0addba1d852336dc5d732a1d037cc8b39b6379a52ca269ff62b57c6cd88ee654665f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9328a37a5145ab91811b61b37f68ee24

SHA1
412731c41d1197d9b7076692f1e872d369957e63

SHA256
a603728413fd9a8f8594653f214aa6880af18779da79d5fec96dc915e0f72e8b

SHA512
435d9673f660f901e70c60af6c51b7bac82f177ccbe551692cf5725e346b6da86ea44d037cfa9df6c5ee3af92e75b673fb23825d5f66e16e3fde20fc042a4938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
8f6cbada5f9451b1ab98187b4137b378

SHA1
6dc506eebf916e2193e982d52f2d6d92018d5bb2

SHA256
fcd19dc1d30e88f5a9eb8e3d2e00d70339dba7397fda0e852785121d36b02383

SHA512
133f83fb068b3046e7cdb96c4a8bc8415b0a3cfdfde5ac15f78c0787390969dc32237e6e53d80f4d5d1b64071f5353ca22910b62f9c8c45a710afd9f34781790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
14a9a74224029bf0eb79efc3975af50f

SHA1
3016522fc8023ce0044cfbc672199b40036e3a74

SHA256
bf778ce1a89b1c1b2a6852b42588dfdf5bf530570a017dd32d7f4f9828ca93f0

SHA512
c16bf799ea2146f61f89f8a125abe1dcfaf8a568eb280437eeaccabe0af390df84bca11afb5872fe87bbc69c7bee49fd8bba08eb99703eafab8b2dffbf9f700e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
adf7fcd7eccb9743318e682959b47c89

SHA1
3f48ee10b85f8dfcba12a80e0baa70f7aef9b7a8

SHA256
7ff6ae73c5d3e3c035d197a1c87f7b094181ae0818a59f35b766d2d5d01c32cc

SHA512
9a4b7537bca30b6a4c5b58ee656ed27b4b479dc8fdfac5ef4435af79bc1f2574a6697f70320a9261b165c386b06c72f034246b784d74fb4e9c3bd81bc67085b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
3d06a0a8e5dc5d5b451ca612325a8340

SHA1
27e12a1405cb2d909c097c2deba30ca7a5aaf201

SHA256
3a211783838e0b859d59003eff4a1bbbbd16ed38d516e74d68d31a5ea1d0d0e3

SHA512
e5329fa98ff2d6d7e7bed988034116c3e5d79e69b1fcd594f3f22e7246fc48d6ff78274c24cceeae54fe10774b89869717f92f8beff5443ab08407ed0fbfddf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58240d.TMP

Filesize
88KB

MD5
acf60df8c6d2e9c85fda14a0f0b5cfa2

SHA1
607590340f4ea5a8b51b80709cecce3152dd9a25

SHA256
cfad4416cccf535cf570b54f74b454174c9efc6060ff0a56d108137efaad86ef

SHA512
5ee27ccd0131eeb8a3a41427876c394d05726b0834120be5295b68733bfff3e6df611d70b1583bfb5c3202068157df085533e468738ed834b14661bfdbc5b2f7

Download Submit