39addc334841d65799991363204351004bf4507371c5df5198e4e252084b0c7c

Analysis

max time kernel
150s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-06-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tulpical.exe
Size

536KB
MD5

d373723bdb853738f72ef3d4ef160fb0
SHA1

0359941c3960459272a6df712a41c240895a9eba
SHA256

39addc334841d65799991363204351004bf4507371c5df5198e4e252084b0c7c
SHA512

44d909cd2bef3905aef15927e08e077278b94938aad5b81be6d3ea5d789662bd714ceffc50dd8367bca1ddc0ac345f4747b1e51f03e80bce142c3f2c9a67134d
SSDEEP

6144:pKl+oaaKGLl6JI+uMXOE1tccAUk7URacmNvXhEObZxetX2hHBYE3ddceSKlxpbnb:p0RaazUy2sN8tX2v7NW7K1FqSnGDEKs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620236920196597"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 2472	3584	chrome.exe	75
PID 3584 wrote to memory of 2472	3584	chrome.exe	75
PID 4940 wrote to memory of 5092	4940	chrome.exe	77
PID 4940 wrote to memory of 5092	4940	chrome.exe	77
PID 2352 wrote to memory of 3176	2352	chrome.exe	79
PID 2352 wrote to memory of 3176	2352	chrome.exe	79
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 2508	4940	chrome.exe	81
PID 4940 wrote to memory of 3636	4940	chrome.exe	82
PID 4940 wrote to memory of 3636	4940	chrome.exe	82
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83
PID 3584 wrote to memory of 4704	3584	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\Tulpical.exe
"C:\Users\Admin\AppData\Local\Temp\Tulpical.exe"
1⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1752,i,14862625213971829103,4715760988969152128,131072 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1752,i,14862625213971829103,4715760988969152128,131072 /prefetch:8
  2⤵
  PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5244 --field-trial-handle=1868,i,4018706006852507350,10026655552207115816,131072 /prefetch:1
  2⤵
  PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1796,i,13365603073977551667,427419461890289237,131072 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,13365603073977551667,427419461890289237,131072 /prefetch:8
  2⤵
  PID:4984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2d9f034fe011a3626c641622da4e1fe2

SHA1
e79ffce5333c61d94a36ccaf9cf1a72e03268656

SHA256
34b2d6b896be4a5c8771e65da5d9342ef5f69880e9948b6a9522c06ca50efc00

SHA512
703dae4d2a4f7ece62ef72c964d232b229964ca84638c916804a983bab85c5da30a2af269359261c3044a56e362341f442e0137eeef6f82ddb4fc97b358fd580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6cae6218213c95ca95867147f758a61a

SHA1
f5ae72854a6950ee2d08286556c5dc0b296f0ad7

SHA256
639417881c1a376e39aac4e4e4e6ea0429d7f0398b4d5063f96e1bee9c5f6f56

SHA512
0928239c1ca567aa670b6acfab8e3da969acdaa80525365c9b27795b2d7a2ebc81dd07d19c80d716b623c275e523543569b476d5fda8460ea7d49827dcd8270b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
18d5b3c1c61726f4620b1422b852e602

SHA1
b430edf055d52d18bb89ce3d12a35c8143b2004c

SHA256
ce8ca163fdf3cebe995c8499fd86ad533056674314cafe0d9c8ec57afd7ea801

SHA512
2f66dfc425a70a0ef085b7fc274d1aad708bc649e4cd4c038198b2e3a291dad6c6e36e2f99a085373869c5a0a8587e9f082898fa78b0bc23dc6b6729f06774e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2dd169be2fc054186e4472ddc3a03471

SHA1
872a3976cb28bfc86d56c60a0109dc7c9940dea3

SHA256
03f056fd222982fd2f24a7a966b203cad66d802cadad10476c677825afc789dc

SHA512
f71370d075c3883deba1c43ddb982cd254ca15587ef0226fc7ef47d4e5aabd15d46710c1dc8abd46e59f7cb301969280949e95c9c296954c881938f23b5f9e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3084b8786b8ee470f431e856d45201ba

SHA1
175ab7c9cdc3c1a9696580debbbfdf63e6da7a80

SHA256
41917c43aa233a3562a0bb2229b58c3accd9ff4cc945b128f7127be855ba0e73

SHA512
8f51fac1848c26c6066677c2ddd8e193dd579a21af78006120b6af76d49f4050db186530bf68a70590283362800f34f39d4d0a139e0241ca0c16dc50a8b1d407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9cf8bc04a41c7ce3f5e6400c29a5b6ff

SHA1
ebbb7b88dbb832de5755e792322fcca9fc5f7cc0

SHA256
feba4cb31eb6cec62bd9a7d510e524ab4fb2f214d8cdd033130af82a4f9dc903

SHA512
dd9936c237af366bf50b4d2e46cb83d9f93a6f58642be026bd0d39027b8fbeff18dd7cd3c0977ee1e98a1a744eaaf93216171e973609ba7bdf682aeb1574eb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a9c5b79391122c560349691f3a54bdbd

SHA1
37cb33f48bab9b2969165564fd2bece11fa7fb40

SHA256
9edfac1a5c502d4f7b280cf98274b271a5cb4ccb8a6f839b04ff79efdaae73f7

SHA512
070140e55366f7cc347364db6189c628876c5308e8a5c46be31cf6d9fbfbd9ddbc1ff9d5f1d573cd46cb03be63f6e4151c76ed41d265739b50c19a12158b4561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e2beb2f5dcb244b6e075081f8ac816e1

SHA1
77a08b7c16c0a9474de6815c04f61231fa5377a3

SHA256
089cbb4dca82285bb1029a6d76587094f004bdee69911bd559ce99fde0444d04

SHA512
748113096421c58318ade165c2a9601c482a8467a7940e4e8973caa5dc315530dc3507e93d6cba00b651ec4b576fe69cf7311239ff51f60c5e43927cef2a6f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
856b0e764a3bd3094ece49e1f62c5d30

SHA1
f52a66a857af3b0aa8cc12010907388665dd6693

SHA256
0d5c0a142c53185cc6e06f573618c08577333c60bad2fdf83f407e25e3dcbb83

SHA512
2143c65c3140cfefd2c82df13e4b2ded5a5b416c8458b99dd0f1cddabf025645cc2cd3d0c338228d77c274853f0086056fa32e75c580ae4c130d3769c0ecb31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
719c5f1b2705c59e5ba5f9eedee4d160

SHA1
0002f41e0f3b81487033ded7ef73a0a0dcece413

SHA256
7c0b86a605d3b2897e8df9bb454145cecb2a83d4ceadec4a5947937e51f78616

SHA512
1578b4b12c983c683656ad8ea960facb0fa9a6013d40b77d33a5ec25099cf7d649382e6dec45aae53593b65d3c6ef9bd2dfe75991fe06f80b70c9665f550770c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
41202ba1e35a01b5d0d06e6f43166832

SHA1
39099c06429bc2e9b39d162b2fdd5777db40ba61

SHA256
0865d955f2241e5c7df8c73e2a1da636363ae1ba4f4bc2407f1ecc59bb0f35bc

SHA512
86f9eeb8db4c310fdef9391f9416ff53697b2809d2124fc631399f5544742783d7ed64df940d4e84c48154d10a205ef95b87c0b2e54a085ad1f7dca51f920e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
9610ba4e89b6d14d15322a356a88e275

SHA1
e4083693bff492a9338c88681fa4828510f9335a

SHA256
5278f095b3ee970675eddabb52557e1a6b95193da4791d2a921168c2a78f8cab

SHA512
d202886372568cd48bf64629acf526939da48060a498c2d1676b246c3e9ade5ee7042b29f3c86453dbfeba5cc9a9396d6d023e3b6d3718027d2aea032e88dff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
265db1c9337422f9af69ef2b4e1c7205

SHA1
3e38976bb5cf035c75c9bc185f72a80e70f41c2e

SHA256
7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc

SHA512
3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
16b7586b9eba5296ea04b791fc3d675e

SHA1
8890767dd7eb4d1beab829324ba8b9599051f0b0

SHA256
474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

SHA512
58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit