01b91360c8f85726f29f29f3f55d9044ef9a43eff74ec30bd186e9e9713e5e01

Analysis

max time kernel
134s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-es
resource tags

arch:x64arch:x86image:win10v2004-20240508-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08-06-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Impulse.dll
Size

1.2MB
MD5

e89300f7c9512e5904fd006a12267898
SHA1

9d1c3ea00c80a11630d00f3dec38ce100f30dfa7
SHA256

01b91360c8f85726f29f29f3f55d9044ef9a43eff74ec30bd186e9e9713e5e01
SHA512

c3178a940793fb747fb6e681e06eba68f1b78ed9f68118b81be0636549b9a3ce0635e765b400b22f65f7ab898ce722d1a178f0e930b4a4edbe159e9eb64efb71
SSDEEP

24576:kN0qP7PIwf709oO936V4prP48drEeSPprhkCj+przr7r8r5FYbQAebrtDneQ6op5:SBQwT0X936V4prP48drEeSPprhkCj+pY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1884	2248	WerFault.exe	82

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623597380887887"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{7371287B-AE5D-4D38-B33F-A2FB99A48BC9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
512	chrome.exe
512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 2248	4620	rundll32.exe	82
PID 4620 wrote to memory of 2248	4620	rundll32.exe	82
PID 4620 wrote to memory of 2248	4620	rundll32.exe	82
PID 3320 wrote to memory of 3040	3320	chrome.exe	97
PID 3320 wrote to memory of 3040	3320	chrome.exe	97
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 2040	3320	chrome.exe	98
PID 3320 wrote to memory of 3988	3320	chrome.exe	99
PID 3320 wrote to memory of 3988	3320	chrome.exe	99
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100
PID 3320 wrote to memory of 1560	3320	chrome.exe	100

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Impulse.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Impulse.dll,#1
  2⤵
  PID:2248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 1264
    3⤵
    - Program crash
    PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2248 -ip 2248
1⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f116ab58,0x7ff9f116ab68,0x7ff9f116ab78
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4944 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4848 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5176 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5428 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5408 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5452 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4168 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4128 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5592 --field-trial-handle=1908,i,17068300722244284814,3286478834045235905,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
910KB

MD5
6728595d12bd4ae47b5c6e739b17b134

SHA1
dcae0ac4535640ae1ccc145935ec43870e1113f6

SHA256
b4fa52f5d2e2578ae72cda44c7a863d14035c7461d26112afbddb4905fbfffd6

SHA512
ffaf647f86cc39be9f94a3e1f06d6cbfac4e5c62133451d8a32b96cbcb664d954ab3ce516f15995de2733528ba57204ef74eea841a4505b799acfb90185c3a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
c991b2202b66ef9862035c70a9db0d76

SHA1
f4418e3f52899d25dfa864c11074219253567ecd

SHA256
6b95b4a8454cd045cef449c5ad7f61df43d0ed87a923c738cdb42eade95f8446

SHA512
93c5c328a87abd890f9fd51c2efed1c427da94103297a6c6dd21b66f72b7b8f3ebb4d7802e84f10a2b504d614b9d5d2e7bda9e60b8ba0310abcad283a52f612d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
242804938e996e6be2f7305d27712519

SHA1
8ff36bb38f8714fa405c3ad3a1bc7438b2814f34

SHA256
d6311b3b51e74d989fe9de56ccc70ff754b9a117478a2f6e034b6422333cb018

SHA512
a389b6107a952d79cfa8b8d4ec5892a643b21a4a46332c6e851ac56c1860de6e0c32ddc444d33fa07004fa1fc9921b5bd013fd74cf61fe8802a4e710f3498957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\31d56b09-3855-40bc-99f5-7035a250297e.tmp

Filesize
1015B

MD5
feb9abbc2ec33180b070bb158694dbd6

SHA1
5a2412618ea65e138a88b8253c4fdf4fb3a03ad5

SHA256
1d79f9192b3372675ad58e644feb63b171e052c71c4c962844cec1bb1aa50f8a

SHA512
adb0a41e544878bec404b3942c6fd5e9c94fb84c62cdca29ab4644dfe4a11fce0b5c1caf2de01e51eded857eb9683cb4b185604a08415dc3dc78a867c41fbfc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
22dfc7a9e1922b8ef94f1fa7fa5c5c8c

SHA1
78ca9704e4b519922493e29b34e743b13b720f1c

SHA256
7c403782494502f18bf2050746df09216bd7a60c0aa5f64708fe664c01049f5a

SHA512
05a2b25d85d52edd3ad1a8374c7af793762aab7b5990d788cb48df7748b8828dcb610f61b635e9baee1ba482e08c52c84a845ea72254fadfabd88cc49a387c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
447f15df1388656b86098d299f97c7a5

SHA1
89ff4022339f5207673827fd240a29600587d9c9

SHA256
5d6e8c122c6564c0651d3694ec928beae4b4ef4c02b3c5f919ba1287f6ac40e6

SHA512
720dfa38e7292f085d87fb3a6dabe325682f33656807f45cadfc208040deb15457dd73d719e5c25e37a9de682598c06666e5e591f7ab3e676430e58767c854be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
68e2a52a5bd0255cdd3a245cd992eacc

SHA1
9abf4485b36695cac289d67148fa5858c2c27979

SHA256
394314c93fb5c44f87eec8134540219c2562c9b0261249c0d232429b392e5a3d

SHA512
caea2ee41d51e132fb94870bc2825e66aeaf717238b29def4e1c715a1fdc427a3d3467764b309353e3bc920ffbd40270e0d92daea7cf71e52df8af9de539a540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ce37024fa836626701c8013e1f21709

SHA1
aa2420cb2607529168f875e190c89694c90e6073

SHA256
eecdd95d96e832a30ab6bd271ba38147e6ecbca84b28cfc641f384b830b89cc9

SHA512
2cdbf0e1d0a89d62674a7deec3e0ff82b66c549d50e19b177ef1bcc1f029aeb0a695a16892f2213240421edb939acc69cac0f62b9899465e01a9f0932dabd17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4db71bd88d35eb76bef56cd16d5b958b

SHA1
47478f515ae14babac78caef11463ddcdc0d942c

SHA256
a060fe2be93aa7195b7ad6ec29038ac13eb89e0139c9e7ce77b98260d51e35c1

SHA512
6e013cce8ba69162ba99bb8e403014716963a571b343c6edb81b8317de47277bde652a7718cca1eb72ef370076da0a0526eb41e44ae8f76f85161f2dbf07958e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\aceaf6b9-628d-480e-bbeb-179eea960a8a.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a9caab59dd2ca288439dc6c780de856

SHA1
98de513f15b670c28023b05d14dafef5b34236e1

SHA256
b6d97351d0719d689dfad1bcd3d2e89a1dfebdc37581cb8b48065ccd7f8eb712

SHA512
a8ce7cbf1a20d416dac9ca1f987ee00ef3277ebf7f737d361f7def1fcc1c38d23c3867cc7fc07d74886e5d04223fee04f7b39cd5a8f0154e8ecd072b6840dedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e923cfda23bad808afb3f7e12fdd6873

SHA1
de425c433b3a02bd2c8b5e384b30456f2cebd3f8

SHA256
16d21a3aa24d4eece406b9779af226ef79b0f16a3df200f260bf46b8635be3eb

SHA512
2617592e421eefd50358e8253a95dfbf4b67e5ca49734bcc57de1b115fcd79720c8acbe1575ccd5617009092960820073d277361a14eb508ab845c260dbc8162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c742e050a33ad31dda0ab2bcf41d5093

SHA1
7b713b9c71f05da323a33ef0e3ebfaca4105bf89

SHA256
fc8499696138628a954383f0e6a1048c379ae70bd532faa6f3155bf794f674c1

SHA512
c783111d00abca33c7450cfc4af55a4ae63e435477450353edff33221922b25bf863a4af4452a2145c0953b5e79235e59060c194bb2da1fc82cd18b2b3cd9605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
3f710232c3c7de442128cb400a337eec

SHA1
d76c3dcd8a6395e6d7e78ab7a2aac73fd9744aa7

SHA256
d6dc1645553ba8ec6579299ee72653579405c07801c13343da2a515dfd84edbf

SHA512
0e8ffc42604092f33ac67b97ab371ea131665dd327bb85ca007d0866be72e250ec34d7e647f78f9a03378595e227acbc17eb95842eb43f273eedde353caf6d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d2d1.TMP

Filesize
120B

MD5
c8047d369d5fe2854a5fcee2e350c626

SHA1
65c95d9ab4fb484f1ae617116a2bf102128b5de2

SHA256
23be8aa7c6e6aeb7d9fac3668fb48acf3057fca29c3998835d7d67a3a3c81b81

SHA512
6868a7e1107fdfc231d5c5511219dc7b44864435800f27d29e768575dd862b4e41303dbcc924ce80530a2d60ef19692d913cfc6dc073c8585bc981f66e1370c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
21a4286ae7596a7c14a1b4038fd485ec

SHA1
3ccc1330422d2c0b88f7b40ce7cdcf6b6a8495bd

SHA256
b6a9ce19f2d2e27df020442afcd7cf992a6fc72c0e6d7b9a4895d2a571e63ef4

SHA512
4027c03fc3836db89b726a5d402ae8a050963e28239a043bc750cafc7d8fe4f34f5e95f53a8fd55ad175221742c19b42b1c16969eb0d46465ca5bd0ae94f8aff

Download Submit
memory/2248-0-0x0000000003050000-0x0000000003060000-memory.dmp

Filesize
64KB

Download
memory/2248-4-0x0000000006D20000-0x0000000006E22000-memory.dmp

Filesize
1.0MB

Download
memory/2248-3-0x00000000750D0000-0x0000000075201000-memory.dmp

Filesize
1.2MB

Download
memory/2248-2-0x00000000054E0000-0x0000000005611000-memory.dmp

Filesize
1.2MB

Download
memory/2248-1-0x000000007456E000-0x000000007456F000-memory.dmp

Filesize
4KB

Download