fb8bac53f6e0be884559692aaa4d3754c2c2f5608b675d0e570b61458db5bb51

Resubmissions

27-06-2024 12:05

240627-n9g13azhje 3

27-06-2024 11:58

240627-n5nytazfld 3

27-06-2024 11:51

240627-n1bspazdld 3

27-06-2024 11:48

240627-nypa1azcpc 3

Analysis

max time kernel
142s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1317735.jpg
Size

4.0MB
MD5

9cc6f731c351b8d85a90c44a916ee672
SHA1

0bce00cced15af514f1158023ba683d365ee85f2
SHA256

fb8bac53f6e0be884559692aaa4d3754c2c2f5608b675d0e570b61458db5bb51
SHA512

1844d700d0ff36ceddf2219d16f21e799c5e5d8c7eef9ab90771de8cfef14808d5c70145da7a32bc5aa1c236d177d4e1ab828ac9f7cab7a4cc78286ae07a9843
SSDEEP

98304:w5/4o9Bqcc9cBYpeL6uGuB2o81sD4hd5j:w5/4o3qcs6YpeLZGuBLVI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639625782671370"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
3828	chrome.exe
3828	chrome.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2716	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2716	taskmgr.exe
Token: SeSystemProfilePrivilege	2716	taskmgr.exe
Token: SeCreateGlobalPrivilege	2716	taskmgr.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe
Token: SeCreatePagefilePrivilege	3828	chrome.exe
Token: SeShutdownPrivilege	3828	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe
2716	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 3560	3828	chrome.exe	99
PID 3828 wrote to memory of 3560	3828	chrome.exe	99
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 3844	3828	chrome.exe	100
PID 3828 wrote to memory of 2352	3828	chrome.exe	101
PID 3828 wrote to memory of 2352	3828	chrome.exe	101
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102
PID 3828 wrote to memory of 1836	3828	chrome.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1317735.jpg
1⤵
PID:4708

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4289ab58,0x7ffe4289ab68,0x7ffe4289ab78
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4188 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1632 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4884 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3516 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4884 --field-trial-handle=1944,i,1852808847700482056,7869634402489634925,131072 /prefetch:1
  2⤵
  PID:5448

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3743222120a917af445bd82c5dce2220

SHA1
98fcf4cd89e287b446a6c95aa8b55d9d5c08199a

SHA256
0b0f5abe3df9947b147cc6d8d9c84bef895ed799cb6d1117164ec2c4082f7f3b

SHA512
2aad79e00ff5d6d390313a3b66dfbe40f37c750a23970d1849a430b442a0ff88bb3fb6ffa9dd03798b5b5ea15075c869a03494acb4df4eeded56930eed63130a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
18c132ecdc5714f9db7d8323bd9bedde

SHA1
cee3bdb663761196d31d3702ae25b1a4e931d65c

SHA256
5d677d50e0fded6b5d09679297fe2bb5d1c6609e72c8ab7a84e6a1703659acc2

SHA512
05533c45e7b1fb5334b1efea500aa87c9e736476fdfd0831baab1b17fb0138ea0f64f8fc238bb7da906629b645e6c60cd31c55be7df6e95f440ee98d113e06c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
70fc435de1179ae1f2a475265c5fa063

SHA1
0c07272e1f2fb786a54b599296919e78548d36dc

SHA256
a22049cc080fe22edf960bfe628f29789d047d2935cfa0390c3edb6466b93ca0

SHA512
6463d8d59412605878f21255282d5b7c95f8bc6386652e0d903089105567694ca02ff580cd246cc9ad733aa0c2e95246e4cd597b61e1542b2eb9a4386f988492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
c7fa4ea0f29ac1f41277a99df6ef0996

SHA1
3182332875eae6b01b3565aa3a57a7640e23d201

SHA256
90688a342f34f6cea25027c9e357ba784535069bf722b4044c316f7c8a1cc0c7

SHA512
71a89aee0d27efe5378b739b13370b02fa52e25864dd36908cf12a7309c18d8d8b8d2243e381c5812c723d630486d0e07438cf79560074926053280291338013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588cab.TMP

Filesize
89KB

MD5
c57a3e64bcde757d7541826fca4980eb

SHA1
1f1df1a88e62640869aac11861e35e7a3d17419f

SHA256
a9f0e63b4fa1c020c11f936bcd1eb8c7bbbace78be8795ba103863e900c1f977

SHA512
513af2eb2e23064e6c32b0d6684ac53c09cf7664f6d9f3b647d9d163719dd3e0274fd90e8d34955df0727744e06bc43ea513c3b774593f8ae41143b3fc3f508f

Download Submit
memory/2716-11-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-7-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-6-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-8-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-9-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-10-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-0-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-12-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-1-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download
memory/2716-2-0x00000193A40F0000-0x00000193A40F1000-memory.dmp

Filesize
4KB

Download