hxxps://devuploads[.]com/fzwotmgkd1z1

Analysis

max time kernel
449s
max time network
422s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27/05/2024, 13:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://devuploads.com/fzwotmgkd1z1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612896200045208"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3652	chrome.exe
3652	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 4908	3652	chrome.exe	73
PID 3652 wrote to memory of 4908	3652	chrome.exe	73
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 2452	3652	chrome.exe	75
PID 3652 wrote to memory of 4632	3652	chrome.exe	76
PID 3652 wrote to memory of 4632	3652	chrome.exe	76
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77
PID 3652 wrote to memory of 2060	3652	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://devuploads.com/fzwotmgkd1z1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffb48b9758,0x7fffb48b9768,0x7fffb48b9778
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:2
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4588 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4912 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4972 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3648 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4404 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5396 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5984 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6024 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5712 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6216 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6368 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6328 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6356 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1784,i,17950777325406328623,12941462605206112605,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
53dc8371f0d22940dc788d2200ace408

SHA1
ac7f60b467b400cae39f1d7e3df7d42af956484f

SHA256
b9c935abcdad00757788dbc0e4f631c23759716ac64018421e5dfcd42cd6c804

SHA512
5c9be78c820a01c5fcd8f8298a6c3e30994d29d6830a5256725127356d72afa2f1f1072fabfe9ad65d3fccf402626512e6200884da8e3c75d441fbdf920d0a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
51591aea273a8e372b581a6ed0395d0b

SHA1
494d7f9d668c5145ba3fba8f693e1501159bed04

SHA256
46a2b9f8d02c3fb6dba6dc7d5250e945fbf0c33d49228da707d8b12bd00d2e39

SHA512
8b1db6ff45ef108c6111c59a40513ab5807272bdaf31f46c24c515e629b2336de43e71b8efdff1dcad3e100b5eb1f644f2717b5085a0316d2c9942f6acc31a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6c82bb19e91ddbd1fe932cf6321aed65

SHA1
4852a3a81f158a8868b72903d220fcf53a9e71c0

SHA256
6058f66c7161e54df3ce2cd47b708f1189334efce0f6d004fd2002141e6c2aa2

SHA512
2c66c7f1e6f147103162999e9fe672d9e05df9af75a04ce9f08cf149bb3bdb4ca730638deacb931272b5474a41e137affe4db465005e89608b80eaeb9492beb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8daf8296993be4d06ae7def4a8007900

SHA1
f9be71a7053d6102e6170319a631c4ad8725c3b4

SHA256
c9a7b00f81a349129be1b72475746b0436d1e6807026c8dff0df64ef7909e91d

SHA512
cb3627861ae8a53b0cfe363caaaff262dc35ad48a7bc4ee693898a2513acfe32dbab771f0feefc02810548bd92acae55a514c0d5394be8b8525749df7678f040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6723241cf51c0949061d5bd82d571189

SHA1
ae59b944e18665cad117d6497a5a214924a237dc

SHA256
88d9a67c5ae9c80ee121a132a0e05f14a4ab8d67bc3955e9eb6d6c79dc91fef3

SHA512
84296e933f9fc6ca557a3867efe881fb3176f9a6422b480a0ff08e74fbcd509bd6cff633fb0b71ce75b4fb3d49858e2f5c547f819fbdbb73dd3bb259f27f13bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4457d2d9b88d4882a0435b2038e1dc4

SHA1
6c3bf56410ff4c5952f57c6ff85e3eda1e36a20a

SHA256
8aa8c398aa49bb833c31301cbb89a4a46332a9b4ae94146ba039033478282783

SHA512
7842c49da7208dd9dddd50cfb5476621c64f7e550bf6c2bb9557fe66c270f885cf64d80020a816e0f659be806eced24b77843b652a5a376f34949a9506de8246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c88d8d2ac041f4f52941fb7cc038787

SHA1
726c60bfda839c922fa15996def2eab1492e0606

SHA256
3fd5560d11e489258bcb282428e9aa03ccd56f46536c9622c9dd94604e204272

SHA512
9edf125c3810da716c5904a4aae6ef867d4b5cb70b8ee50e029354852b12b662c6928ed1ebd9a89c0209cdb9c373dd2253487af7e4b75b8ca66c4689acd8de65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c84e0ac7-d222-4578-8de3-8d54c627c144.tmp

Filesize
1KB

MD5
b7367d73634ce4033183160c9af217d0

SHA1
60c97d6341c41b07c59195aaf63668eaa9fbc8e6

SHA256
f5174ff0c32a76bd86aa5a0033f89fd7c336ef884f5e006b06e57962c9abf086

SHA512
206b249b608b352820d1415f5b9569c5562a642330821a1ce5c5def18595797dde7c535bd7c32ec0d3a8c9c9c076769becafecd7b9cee8feb6cd626340bc220a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
66042e1178b263218bbdff06c067727b

SHA1
595271654b2cb9bd5166267548a5704551d4a66c

SHA256
a798580469a4befc3a14b3fa9c24af87b734f5917aa91ce81dd6fec4dc83dfb8

SHA512
fbdf88308e2416ffe78e7049d8bae6b56048666dd0951f7b29c93119e85f4ee53639c028002e32dd99750d25d4c2dd88b8cbcda561341a36b7b18a398a9538ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93e7d8c3503671f9ef03666e73218a2c

SHA1
c4e0d52faac5ce1993487f91bb24dd976ebc3419

SHA256
705b0a4d97dd6a2f1764d88f88ee274eae68fab33b04ffd1a01f944aa9117c57

SHA512
e94f2f6809cd87835a8763175c37daad6775ae84b0e162d2994a085b7415fe5ff68648785edca2db19bf38ccd5d6a4dee8ee7a7981bbef4f489e5698a037ee7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fc9ba55172f27777aa253928a3e3bbf7

SHA1
cfb0f4035722f0ca4fe043316cf39d380df6898b

SHA256
de1a72d0b6963bf50473d01823a5c70c93fd4879fc5ae212de25da2f5b47bb2e

SHA512
eb51845c66dff620c66243b891040ed105d4078a3331b0063de23f1ce133400e79d77a57e9c84571afeadfd7aa3f4ffb46badb6218bdb9f8e7e0bcdc7adfba88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
87ee5f6cfdd9fde87e39fe168a461e44

SHA1
17d272ffbaa516fff625a1d339545b8d484a8ddf

SHA256
695dde0901ca2fd5137d3a27ff4ede66ce244efb502661a0b0ee9716af146f6e

SHA512
7f5d96a13da827e7c45af2d39aff269353f3c5c1d7d28d7c61f03a24b35426dcc8a18fdc2bb5cb8d37c43fedd38638508d26535e606c0ba89387b63777890692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c496f1833c118bdcef48daa7d6927c1b

SHA1
9bbc694185c50ade3818dc3a1f31580a6cb140de

SHA256
96b7bba6c5281ae7f8e4722d31083c321477c52f90032af97ac8aca56cba5274

SHA512
c927c4163762c21e80f0753ab2d4ee71e0cab4bdf7bf876aed1a5f91e00c3666281b70ef5e5f52e2450161412f4f0265e4480551c9757b56b66ec3e740f8f828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8b26a4adac5ef39bccf99bf09befd027

SHA1
ff5122235cc61e1616a27a421feee235e9b018bf

SHA256
32d89c745d6c379aecaa296dc8c4cd4553eaa432043eb3c36a9920577ee56c46

SHA512
b4c91d44777dfa46cd642828e816be84eecebd56a27ee863c55dbd2af5bf97cbcacb8b97f4f052107d4ebe7f7572f7b36fcaaeeb050c916b3b3aac9c06a15136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
05c964dc5064792e2f13934aaf75edd2

SHA1
0784321c61164e34042a4bd9664ad0b3bfcff862

SHA256
15d05e9c76666bbc633ab7163787cac5357f2dfec6c59e6eb8147bb2cab28414

SHA512
4a69fab6570b9a597d6e82cb727aa6a673953a48cd1d859fc75e586cdcadf744368265d16604cc6fde40ba9bbbf2aa0f58f01ab483eaba3f2ad78ba2941f7c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
e3c636f7ef5b231d6d1f7d4f6d6c9499

SHA1
f8150283afee494ad19d27c0075f6333814400d9

SHA256
e5a9f9f28c9670807362363c15246f4fa52995c8c6d297efa0d0adaa1069decd

SHA512
bae52adbfeb8e6779eb36047d3bf9f5ab15512c301944fea627b83add49d6e413850c5de3a84ccac29fd368b929eb81fdaba929059650a900333be90fb7a7d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ed8c.TMP

Filesize
100KB

MD5
4aee51ff989ce450aa797452436e45d3

SHA1
5e4385382416237c88d1bb482e816fd71dac7bc7

SHA256
6565c7f3a2569e85b238238b492536973b353395ca1661cc154064b046c80f8b

SHA512
df23d4998c252d568e60d3183930bee83f62abbe631086390cf5ba16550605ebadcf6640e01a372dc328e0f915cc25d3f8bd485f89c325b7efe54b09ff68ac9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\QuarkVPN_2.1.2.apk.crdownload

Filesize
19.1MB

MD5
37c561d361e96bfc1ad62d562f5e062f

SHA1
d7c84d522dc308c83b4efc3e60d26161cc09a9ed

SHA256
98a82b0cc2bde8f97ecea5f5cf195586374ff6e65adc63346bc1ec2c74fbd60c

SHA512
9a23773030f0615c551f10705d2ee6bebf3eb38cbd584dc27e708dfde2f74675406f8d6e10229cb452f368b40f4291f40788519182811aec29634a7944520d5f

Download Submit