e1eedf9077fe9a2532130dc80fcd13878835490f5eae82295805b7eb67691a82

Analysis

max time kernel
82s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CS2RED_Checker.zip
Size

18.1MB
MD5

5845377259e765b722b1a20c48b5bc7d
SHA1

aea4c56e80f7b7e229bfc15ba7cdc15f604d6e46
SHA256

e1eedf9077fe9a2532130dc80fcd13878835490f5eae82295805b7eb67691a82
SHA512

8f42eefe99bfa073f3ebb23ba3ce4138e1a9dec94e556a86a0ab26bfe7dd2dc5fe4511e5a80565cec8e70d221676d640b0b7d161d8646af373a1a2f043a1fac0
SSDEEP

393216:89j/EL3W7bU5wSD5vIxbklXGWI6r6nrrPivuaJlSSPQvPuja94MwNYz:89UWM57D6xgWz6r8/yu0dhUeYz

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644902265660581"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
4540	chrome.exe
4540	chrome.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2264	taskmgr.exe
Token: SeSystemProfilePrivilege	2264	taskmgr.exe
Token: SeCreateGlobalPrivilege	2264	taskmgr.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
2264	taskmgr.exe
4540	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
2264	taskmgr.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
2264	taskmgr.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1228	4540	chrome.exe	101
PID 4540 wrote to memory of 1228	4540	chrome.exe	101
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 2180	4540	chrome.exe	102
PID 4540 wrote to memory of 3952	4540	chrome.exe	103
PID 4540 wrote to memory of 3952	4540	chrome.exe	103
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104
PID 4540 wrote to memory of 3908	4540	chrome.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\CS2RED_Checker.zip
1⤵
PID:1152

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff88535ab58,0x7ff88535ab68,0x7ff88535ab78
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4584 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3984 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1988,i,12453116571341301952,3212211702774459049,131072 /prefetch:8
  2⤵
  PID:1940

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
290ed219b6f572fe4e86f2a42530dc95

SHA1
0fc5b3cc1a6e72d8d7bdf48518dce751c7cd1621

SHA256
d718d74c87129b7d3be8a2f08a7963f1144c8e855da72afb3b087d3f3e756049

SHA512
875d55f6e45dbd73325a56d8ba4172437981a295c3bd3dac52e2d233fbb96a47ae95c3911f02aa4c93f5c273d66fe24c68273d1014f04d3ba5f2bacbec718362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f6073005535089f4ee6be01178c4f6b0

SHA1
319f45e172682e4810b7fe32f422a4a757a4db34

SHA256
d804f5f2ad89d4de96aba2d2672dcddbdda34ea230623917cd79b0a5ee00df11

SHA512
1672e97e67223dc228304b63538253fe81911d90147a1564a9fb9dc59fe781477fde98b6046c38fef0d5d614d38f541c6282d8edf7da1fa5083a7117b6a40c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae4c3b06c28798f2b9866afb46463096

SHA1
2ce014c863ccacae11188ed72bed73721008a38c

SHA256
1a304b86ec68b7ca5b11b1b2a851536cbb8a8d82f91521f11227f6d5a0c79043

SHA512
a79990f437bd3f3377d62ce074b0a524f0ea83ff488aefe0e27c9b216d44d5fe06d5b22441214309ad240d7a496bbb7026308dae74c846392cd79e58f8e73b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0c6317056e5da2c64810d8cc483e3198

SHA1
312b5e03cf2c019b45daa32ed01906cdf8a691c1

SHA256
05ce724ceeda2116251949c79729c0d9ee3a56d29adc4317acceb676cce080c1

SHA512
2223843f647fae0eefc6ec457ae967a209e27eccc189c1c01abb969a85b8cc4166ec96cf899f5e96e5664ae0c79899629188d9a3d6be86d787bde48579ab0cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
5191d807c0a5149cd84d2999d67c2d82

SHA1
4014f7feb2d10205a088ce61bb7fe83183b58490

SHA256
928c5d80be6f020e971bde36cd8297e96419482f0ab265cd121740a7686ae2db

SHA512
7ff80404b752c26e3fd1d3f905024e6c91da1d852f0dde3c7440dcd5b85f6b94b2f0e100f5cd35c328f2cd905e749a61c9fb0a4501aae1433e471ee1c2fd32f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
3b463b3b896f705d49661e6b2875e7a2

SHA1
d9628a6937407502a90811ce533b100c9cf707fc

SHA256
677412c57db543b015c40cfbfe7985185ac5369463eacd33bbe8c42386b1e73b

SHA512
62afa3ef2db0d7c622b0af361c8103e49b49e0603957b196516e95715bde75320bf53dfb9d8f9712ac35d255782918df1a1c91494ecad6abddcc03f3b2a2325d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
4d925bdd3636eccd36580d43660dcbcb

SHA1
6a405ac639cf64186c8042ab880420b01cc61bde

SHA256
b4f8fa54c4e2525cef61e3037d168a312aaaf69eb9c21472971399aac8ebf6ca

SHA512
42c9b5e53e07e51b5c4a89110bb17f4f211bf7b10edcefc11885a0258d4b2784ed4fac011bfe7525772640406b6742f1dc2058a39703b4543a132a7817b2fa68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58650e.TMP

Filesize
89KB

MD5
f9423871dc8e519393b8d25ccfba40c9

SHA1
5bc48d8dc3563f863c38f32abd9f4fc519e773ef

SHA256
3b40989e8b07acdc1aff45f088dad38076a76e0d54e947e878d7742a0c555403

SHA512
2eac8cd522aff4ae03fddbbe3144e9a6d89f79df8ded08b345aadb715419bababcae9096df035b020fb2de7a712761aa69c14dc99d6f9cf1edf45bd4542dc313

Download Submit
memory/2264-0-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-6-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-8-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-9-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-10-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-11-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-12-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-7-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-1-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download
memory/2264-2-0x00000232BCCA0000-0x00000232BCCA1000-memory.dmp

Filesize
4KB

Download