d1a3c162165f611f967b34601b3bab67633b94fc6dfcd70ff1591e9ae7b631e0

Resubmissions

05/07/2024, 18:03

240705-wm6d5ssenq 8

05/07/2024, 17:57

240705-wj2a1svend 3

Analysis

max time kernel
269s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Usermode.exe
Size

1.3MB
MD5

8341318173e580405f529486c6c7c272
SHA1

ceebbbdc5cee63aa8e0c86c057d61ca025affcc5
SHA256

d1a3c162165f611f967b34601b3bab67633b94fc6dfcd70ff1591e9ae7b631e0
SHA512

b1ae6f04c9d910c45e378730df57e122945e8681b7ae07439ee3ace210f0c8c71ca9df1d4d03b663d856e840a32a9a9ceeb372e1e7edac841a26271f5f6ca2dc
SSDEEP

24576:5aTpb4mknNnXCMZu+3caswIOFM0AzLDA2MxumuoOZmwGUqmOiDJskY3jICn7JyDo:zQO60AzPA2VmT93S8ICn7JyDepSjBk8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646759849350639"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 904	1164	chrome.exe	101
PID 1164 wrote to memory of 904	1164	chrome.exe	101
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 3064	1164	chrome.exe	102
PID 1164 wrote to memory of 1616	1164	chrome.exe	103
PID 1164 wrote to memory of 1616	1164	chrome.exe	103
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104
PID 1164 wrote to memory of 3576	1164	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\Usermode.exe
"C:\Users\Admin\AppData\Local\Temp\Usermode.exe"
1⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,13449985004032019519,10418033681721867105,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
1⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d43cab58,0x7ff9d43cab68,0x7ff9d43cab78
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4952 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2532 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3308 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3192 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2508 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4740 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4380 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1900 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4636 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3652 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5252 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5540 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6088 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5508 --field-trial-handle=1960,i,11665891988931159276,5349210511957524569,131072 /prefetch:1
  2⤵
  PID:4440

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
19KB

MD5
39b7e0d992290c41da06068bfbfc7c77

SHA1
f6a4d0d93047d6cadf48b2bb752f89bc9bbf6806

SHA256
92d3d1073c33cb7ee8711bde6ac3c519b2b5f0044e5a2582aba96b14ccfef01d

SHA512
c67131ea3093c9863d3c7dffc37cf54d4b17bee7abae3fda9195535bb8a736ab19115fdd14591c7fd1966014891f9b140b8763695a80207756bf01c534388a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1eda85027215dc2b3634ea150164dffc

SHA1
e4e0edf133fdc356c19696dec5556cf76666ab29

SHA256
ec12826940ece615773b2d2f4afa6a1b872b4737b1af11db5badde18346791fa

SHA512
9062b91fd9c2cd6a6f8e12b184149437c78bada7612a893756f752608d6a571a22094a60c47ca382b17bcdc768a27ba2315fda43e8b0cce58b37f7c8a150ab68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1582ed49956b78efde8868ac0cdd23e1

SHA1
fbce1f19a686981de1d8fcf34bab29bc54cea007

SHA256
e14942b85fcee961833df9ddea99bdea1942b7b9731676fa80acf3d5b8c37c42

SHA512
9e6d3d2f06d9ea54a93aaf61a1a152ea3d90f4261b9d95ff32a199b9d98641556544971357a76ec36a60eb16904f37f2682c294f48e8f5bb45f28a0279801858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9144a73f751eacee766dcb9c9b1ed6c1

SHA1
54d576b13e96fc3c65c88e3c5ddc29744c69af1d

SHA256
846a1068f8386e83d958a75d62b9c794b0f220180ca83f215a473efd568f0543

SHA512
9d800a52d419780d7b1aa6bcf7cfd992692af69d4d829932349c038ee96c098e06ac228fbfc622b0f723a86fd8d5a51fd2a58dccc945b7606aedd4a864425094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
332033f9e7a1be2f354c7a7ab4a82c3f

SHA1
eb01f8a22f31b1274bfb256a12ae3015344173cf

SHA256
87463fd5985b0f1c358af68c6cc3db74e882150f6d14852920559a1b66fd4c7d

SHA512
9b9b3de6b263180be1e51a6ee3b3a8776bf0b69c157a638d77a6be5629e3f55ed933ee7aff30f3d84d03f6b99584f325b80cbdf82c4b7b4cb9234caf6a92db74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
cba42b72ef76f294257542382fd4c14f

SHA1
1ca7761b3fc1129bc4f9dbb0a271dc2079a821d4

SHA256
8ba04b58d1221e71c259c6e2b4867be2568367e4bcfdee1a7524af32739b62c5

SHA512
f0a7c89cb072158b62295123aaa73bfddc506e80351d50dcec8b8c5a62446fc40da2cd657a3c93308ab62fe2c071b27cd01b4769f0bfc5fae8ff1fd3d31afaeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
4416074c57bbecd5b0a1b4d7bb231c1d

SHA1
275176c36240f3c198eccc2a00cbba8737de9daf

SHA256
a87b2ec42f1bbebb8fc9ec36a934076b15d8050c5d82ec1bb8adbe874200b90c

SHA512
f08ba72273cfb14dbefb506388d645b607d4280ac292928eed81b654184ec4e675e17f1f91e64a36019f7ebe8c8fd823533b7bff2412c36296829371978ed220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
44e6e815e60a2e664b5c44d76fbb8911

SHA1
2221a9500c3c7fc6c736fa83c1378c9468b34a16

SHA256
5404fb6485c574d8e0b7910340c94eea44fb293a8724f58258824a418301ed1b

SHA512
d38c4604a3140bd51625c3569eb14f8bffc492ef051463949365d846bf2b1db862dd32c5ab25c67116e0d9c948c453b959254c8d31231b93233609d131acefa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
48c4cef7ef82591a954ee06b95d02bcd

SHA1
f7962c71f02d82b2f4fd01e8d24cb34aaf6d3e02

SHA256
fd1bd75c75586debb74946f894ee89ec35bf7dfc54a857f7fceb8d732a6d6557

SHA512
848a467ad51fe2460b8059b9cf5ac338b298504a4d30d4839938ba9265954b750b386d1cebf63b322504000c2888325cb1fe71d9da2a4583fb392c79fc588d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
23a7f5b5bf4fefd3d6203080a7d4debc

SHA1
af38f7328aeb240c5c5968b45df46f9818b6436e

SHA256
7ba81f7e2d48662a2659ef02cd9f4a6cd4e5fc94080b13518e3a7f1c7a349a3e

SHA512
d6c988a6c444ef665b452d8595b9130b2ad6d6e3101f9981cbfe09bff5d331841f522658fefc791fdcd188f0758a7a33613acd2a025ea235f07ff566b0f9894a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dfda917fa4ca0d3e7f674418903858d0

SHA1
3170ec3eae7de5aef13477de4e393c8a871cc516

SHA256
ec04537a5ed1e05cc0f63c9fdecbe5807f7355a977633de94ab009392fc9b8eb

SHA512
2ff1df1b6197bb93b3cdaa73b2fb7cfe2eb35aa9209ba27581a428a8095ea1ed8b4ac244b5afce2587d20d3ad4482cca8ad1f8ec1e00625c5892db283282dc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b251272e3f29731049996ede36305818

SHA1
829525a4a3288e4a6729835c37bf527530abd270

SHA256
a08449dd624e5db6a015ab5222c0adc68cd4bd684510641e25bbc738e360fb18

SHA512
4d134150c13c70f3855a268665d222d912b6d2b827740692f1c6c21156b267b32af85d604e68053554f6e611d0e74a3107d57b0d0107c59506bf495c4079382a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9422593756cc62b39a052feb8d6f062a

SHA1
92228a805f26ed827d2d1c7da3bd02665ab858e2

SHA256
5e18ad23d2bc237083cc9689bd183132ee006766973ca55d3afa8671722ecf23

SHA512
65a5bf00838202053651d746bc8e3279798e55c56b8f0ac5bc9bb40af7340091f8a5eaee39d5cbee001edabef094d3f02af33c58653b22e39f0b803fb2896c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ac4683241bb7301866e44c435d52b835

SHA1
3b3cb8536d21b1b47bd4639030c209c1918cfac5

SHA256
9651f90f728e9e5cc1c7525533dcf96d3f5d9b2cf10412ba327738a0f4974f8d

SHA512
bb3583a303d8e3c8e6dd60c6894bf5dc927553d7171097c72f0a41633ca9fb347e222f57870db429f3ea40e96c4a42586ed7ca846e43989b7b443ae97eb3a2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68a7657d49ddad313608a2912ebd16f4

SHA1
2ffa681debd2464a0a2c3a44d013503fb1af7df0

SHA256
8b11ee7ee21ba37fa05b913d325162a4b76f701f4282e1ea4e2a9c203b7167e9

SHA512
cec07eaa78f797bfb9f9c95b99decc5ba8efe8b8eeef5077f5dad0f6a0a4c395d20a9722d230abafc982b11a4536fddd77f4637137bb7b9fb2935fa46e6e7375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2fa5e05b7efcac91fc00855141507e6b

SHA1
3ae81a7d2f509bb0e891ccce4c9eac3961989ac3

SHA256
32ed03a93723c71282e6928cd6576fcf5c798269eb52f0dfa5a083ae5303400c

SHA512
7cec9a3abc1e43c3c9c612aeec18d7a661a90333ac254523dbb2312911004e0be2e0ba09ee280e81c4f12e892a529a9ecbd814ee7b83bec111cafba06b4eb421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a9a68576676845e6e3b789de7bc3fbe

SHA1
e1ae279a71ea8e76c0ce27c14dd519dd42d12ece

SHA256
8e8cb1a176afc875c88c741e7ba6a5189acd9450626be65697dd9786fed190b8

SHA512
ed25efbeeaef4af1cc8166089fe6eae53249433eaf46b125383ba533a112c01c42fc1fd7da00b8d28556f02c7e14b71d2efd3b9a36d839cf0eb70152c2a82e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7d1afec259b0dc2650f9987207c4128a

SHA1
90c83719363231bbb1f84eac36ffe81436ed8491

SHA256
cb285ec21c0e8d07cdafc6c78d21120e3dee1a47f0d6c0884d826adef5b110f1

SHA512
c634abf72fb61331a699bf55a96eb02a9f1b82f1771e39ad6ec5d424157f4ee28a2ac82e9e7926ccdbf925ba4cf1de55fa20effb0b1a61261683e1521c069389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
705aee708c23eb43d65ac73e7f5bf214

SHA1
b81bc6cacc826ab1bb5f8cdd89b496bc9131c8b4

SHA256
9e5cf5506215110b8b4e1a708f85a7293093362d50348a0fa5fca4963fbfc1f0

SHA512
07d782cf35f0511bcdbaa097e9621e62f61d44d16bae3bdce94ed1e62b5ac5f6496380525435afe49823e781accc5ff3244f5f62fa273c56fccc9dfdcb49a0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3de0db0ec8ef54412aebad7d0000d77b

SHA1
342f73fa669f8fcf23cb6118d791c0c8e4df7a6e

SHA256
ef1a48e71faa475974971a491c5af00d50cc139c3a9fd0c097a21d7cb2cb6f0f

SHA512
3a93c28fdf1f6cfd8aacaf770bd0d0076b08282e41e62b6d3beb87d3cca59dabccc50d7adf3ef27fa35463760eabe8e4f953fd9baa3bb0664587ac18a375161d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bcdcc.TMP

Filesize
120B

MD5
db3d9b8544ff7f8a7070de9dd69b6e32

SHA1
b24a2c7ceb7901c7a7d9da337f0527ed91241b3f

SHA256
52c720950d0e29ff2fda42e4215fcb0de30ae5d324143609b6c5e1d5de3eee30

SHA512
eeac0f5e00192b25cefaba9a63e927ed49fc797f0b760a5105bb7b648853fbd3fa52d56351ee03ad9826b7255b1079b2499533c958ef91f0b3a0e54c9f222eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
bba5e56ce1bfc643bd752a876ac86cd4

SHA1
857ba3c4b5965d136d839f3db8742df78271df7d

SHA256
ddebf93320d7a6ed775c30871a8f77455c5d5b890137c5e33714ead560cd0b8d

SHA512
85d0a6face8cfeb12b7b83c8237eae828916ae466f210e7d07bca405ff2bceded5f44a073190b2e7fbfd09610569ba2c1d3e85f895f9e1cf5435153e0acea273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
da7c8fe9330d7dd4942f8628d41acd49

SHA1
487713a810f8ba1c34c9341dfa1fa89777ad3dd6

SHA256
2273c6e740b7c205b18811b66c04f7f946a61342485624aa7b94f27e15b926f9

SHA512
70f900ab9e2cf1679f311cad22bf684494d2f3be92cbc2e909a7ea2cae78ba2bc421cb0a7f4a1a95b42c02de8bee822153076bd7466e5235d8113f0e5a38bdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
cc3cf1d59d15a55106afe3bc154a41e1

SHA1
ad08d09a7025d549728ff668e911afdf7fbff726

SHA256
365c03e9f8b2f44726709fcd7b403dbf718cf734cd76068cce79811383c2b381

SHA512
672878ce5599b514f3c3c2bc58a6bc93a6b92be81853250169773a9c9fcfad28474a8b3427c98928fa428e89c7a4f4a5ea3264510a21572ee7cd5163d18ef9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
9d121f9a177093613c151005cb0aa82d

SHA1
434df77e633ee66eb0c1cfecfbf5483488f92c34

SHA256
8352df8e0027da6af917ef6337bcb2f61c65b8782662b6aee85b4df2caf1ecd2

SHA512
1a2bf040a654dc8baab0ec62a4c575f385dbbf56934c56b9627b14a0c7fa8ed057bb1db1b4db90cdcf2c9985ed719ecb0ae4ea73b826222e08af27fbf33760a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c0a48.TMP

Filesize
88KB

MD5
fe7edc0c0c9286f37df04013b734d34f

SHA1
9294e3d6e8c3386e171a40025f60372498eb637c

SHA256
f1e89ae3383eaa734ec7ffa7afb90b9ddf255df4d29f6550f73e311c98832d4e

SHA512
cf9c5ee8c75b28f48b14f0afd75adf00aa2bf0ece386e981570be6964617312aeadfbbe915cfc6d40cd54d72768db27e731b261912fbb93442bd5732d3c20e0d

Download Submit