2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eicar_com.zip
Size

184B
MD5

6ce6f415d8475545be5ba114f208b0ff
SHA1

d27265074c9eac2e2122ed69294dbc4d7cce9141
SHA256

2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
SHA512

d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612690855055991"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4480	4344	chrome.exe	102
PID 4344 wrote to memory of 4480	4344	chrome.exe	102
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3892	4344	chrome.exe	103
PID 4344 wrote to memory of 3896	4344	chrome.exe	104
PID 4344 wrote to memory of 3896	4344	chrome.exe	104
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105
PID 4344 wrote to memory of 772	4344	chrome.exe	105

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip
1⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff95a51ab58,0x7ff95a51ab68,0x7ff95a51ab78
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4068 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2128
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff78a0aae48,0x7ff78a0aae58,0x7ff78a0aae68
    3⤵
    PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5380 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3332 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5584 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3992 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5828 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5916 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6100 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5492 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=2032,i,10509756613823015536,18082743912848190368,131072 /prefetch:8
  2⤵
  PID:3444

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x38c
1⤵
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
202KB

MD5
06ec9738b30f8a9c259e66bedde9c1a5

SHA1
341d8af865634be4464ceeb4cf4a5890e6a115f4

SHA256
82f137ba7810184cf6a0b1fdb3cc61b289801408d0dcfd7f5b80861ab7388a63

SHA512
820a2b7fe758901219cadb0e0952bb398e1c26b567f2b14e7b9dc11f1c1a13db7a0caa42c030778af92b08acda686f76921cd9826fd3244369d1694cd552014e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
bd3aee200714f3f7d86f0642bf13d9c2

SHA1
1f27fea8d985b1c8e76eeaacf972b5e1a84ebdb8

SHA256
09999698a02a050529d1a56b5c274e00d0341c3f792eeefc0d9abca13fed73dd

SHA512
69a7eb7dbd0ba95f3d3ca90ae22a8c93ec929dd35f7b9635c4b78e5d03619a9703177185cb574faf28a63d193de868a0909fdbac7906f6fb8b7d24a6f172c97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8bb90a2782d7e67728b54b4cca7b393c

SHA1
1b5fa85cb123823de3b929349933d43b4ee721c2

SHA256
5467cbc946c2bae601dbe664169c72eac92e5ea6427a008dc7091332dd44e7b3

SHA512
24e7f7ecd1b4dfa361410c03c76dbfd80f20b398c7b0f041d45293755c4d2380825b90e798d1d358095e610a8a44880cabc9136580b8b56a4276d49654f7eced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
cd63588eb55a1387bbfad6cd4453b695

SHA1
beeb2d20417d9356ac93673d6321d33d39c530a3

SHA256
1c1f4a48dd269195c1490dc7fbdceeea7d3ee129710f5fc028a7be41039582f0

SHA512
6840036f0169058c4a14f6a381a4711c8de7bcf8cd36417ee99d3d2d4e0000983bfdd319f5827fd98010e7f77f7d4de8ce422df8b544c23b7276824b28530973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
ebe968f2c78a85f249f3e3a870fb3e7c

SHA1
b486d9024e46f96f73ff981e57da2599830dc187

SHA256
ed7a12343d2fbfbdbb616e72ea8a91371ad157bcf77b723b1dede7e6cb21b1ae

SHA512
b7a245196a6b34a1d20880af517f2f53191e4745691e3608da2faeb2e78cd7f0d48c5652affe9a297e0ee99d18198d9f8db2fbc7a71dc214ac2634546efae82b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35e5477caca1101cc92ac42406a0e477

SHA1
923e41dd37c686a37115221325e327beefb3442f

SHA256
bc1b32413f339f217e8fce4528c3479fbaff28ce40bea12ba45d99cd51bac9ba

SHA512
e5534568822711fcfa500fbbb759da5c01be37c971c1eb00ccb62c7d675fccfebf47626dbc21cad8c472b290008ed001868a0713fce4d6005394351e7ade3e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3fd0c27fe1f08e6e938450552dd77a97

SHA1
1baea6cf08d5758506af38e91a53da13d9b511f4

SHA256
d2f874889b501c039bf5181585e5cec45d3c318936dd820bd719764317cb56d7

SHA512
c16c330efae0d55262cbbbc532d987759284690ac28e8771db1cd3b7910eb582a06ef8019a469b0b0df8825db8b7180071eedca356ff00a61843d094bcf57eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae40cc6ce84cb68204aa0aec70a302ba

SHA1
e6fd83176f71eb61b0ebc03f05c2944f0ddca858

SHA256
9e0297086415711fad2807a74be83f0bef8c60ad305a01c3a9d80b10cde4c215

SHA512
3674dd34d00b79cc4859036d876f6c5a464b38d36b8c54e33bd88b249e01d311cdbe3bf4f7dbfaf41e0d480f3f9e707737592380cf00bd13abd6b1e0c3f1139b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d28f371a576e6e278e5592b70e5135f8

SHA1
471c47a59f7fdefcd2ea43a94166c110cbd5fa7d

SHA256
91d9f2ec3465073cdce554940ea9b75368f2a2659df5be40e8b16b896741fb88

SHA512
f391616b6176aa1e0d606d94fa7d994639a6525957f77629405690ff631d1ff22b829499758100a5719c811e5c839a0f4200c913724789c0f9dc3e9eff6887ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
f4adc3a88595626c48b0e2801049c4db

SHA1
be7047840e6e457ed877c7712d57756e679b0b45

SHA256
debf35bf28b96a3f4758ab169d60e43a53f9bfe6b7214e9ab2f5c67a429a6012

SHA512
aa94cfbb642f55620dd4a3c28ecb8170390a1047d4312ccf32df8fe46ea249973baefa9f897ac61bfe70a944871303ecbb4c877bb8b72bc15441e74fe64e49bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
94cadcc9fac02667b6d4707199d833a7

SHA1
dd90202e2427307acba543ee0af12de144bbc678

SHA256
c77d3249b87b3538bcd79abedb245be60519ad0a95d6cdb30b0988668b69ae4b

SHA512
25a5d7f41e538ebcf4cf9301aa6bb501b06be9925dc5177c6f18a87c74e9bc1c4a97b792c8b9ddea16e15deb79a8bf5214ce6c8917fa7bbc72584423c4f4c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
20a6ddd53e5742de8daef937e29f640b

SHA1
1aa032c28840bb39dad9335bcd614570cc32595b

SHA256
015c093bbac7c1d3298290e5d2b3a950fb546dea6656186ae90869c5d6e76489

SHA512
bc072a3df713f797eca694eef8158fb4e23b9567b322f1372d941c4386a02784f13e63efd973cd80223658619c4f429101bc9acfd4ac8d776929084ddb5621f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
7490c5a652cd341dfdf249f97ec22bef

SHA1
0ed380a5574aae000586145fd38d790df028975d

SHA256
118d6ba1aab38bdbd850be3f02909a3d8d6cfe778111290634f030bb2e7fec98

SHA512
28c49365ae81099291a04ea4f543f4ed69d2a7052579446bb14bafd0b4f43d4cc79a9675562168bf37b986cae8545bdf397618ae5070dab8a13187b320a16422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe597fa6.TMP

Filesize
89KB

MD5
d704acb476e0a2163adcbace25fc6845

SHA1
8f65fcb4775e0fba69fb467bb568ad21837b6359

SHA256
4676a62d35443dec091b8abacd9c771a58c70abaf2a7672207179b271888803e

SHA512
107b76f06c38c461430a1ec28c8c6ca5aa05a96b9278434473982422c84728532610def68ab8451b0904df1dacc615d4d834c24b9c51bbd26cd9a5c98bea3688

Download Submit