344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

73 raw.githubusercontent.com
74 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
73	raw.githubusercontent.com
74	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648717352615805"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3492 chrome.exe
3492 chrome.exe
3492 chrome.exe
3492 chrome.exe
3572 chrome.exe
3572 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3492 chrome.exe
3492 chrome.exe
3492 chrome.exe
3492 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exeWaveInstaller.exe

pid	process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
2176	WaveInstaller.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 3492 wrote to memory of 4444	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4444	3492	chrome.exe	chrome.exe
PID 2544 wrote to memory of 4756	2544	chrome.exe	chrome.exe
PID 2544 wrote to memory of 4756	2544	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4704	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4648	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 4648	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe
PID 3492 wrote to memory of 5108	3492	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85ea4ab58,0x7ff85ea4ab68,0x7ff85ea4ab78
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:2
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:1
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4188 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:1
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:8
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4868 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:1
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2488 --field-trial-handle=1920,i,1065393905995921902,5314956682045410252,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85ea4ab58,0x7ff85ea4ab68,0x7ff85ea4ab78
2⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1916,i,16838400780460171177,1888378655932124647,131072 /prefetch:2
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1916,i,16838400780460171177,1888378655932124647,131072 /prefetch:8
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2e622239aaff6d778c494fea97908109

SHA1
aec335887bd43376554850d99955f5f5ae82a8e6

SHA256
e3ba21a0ca61fcca7a8d22d7002f79a4d7a5435f017349601826e99a144ccdd5

SHA512
4aa5c77f40a0f507f61163f63af8d1ed5d21c220c5666488a4cf4d2ca9d5cf965dddc2687eba4c61a732e07b269aebf4c5477c262b2bccdce1b15954d5a5ec80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9d83d8e3-1612-4193-9f3b-004c51428b7a.tmp

Filesize
6KB

MD5
a9e59019673205bd6c1dd1781af8c173

SHA1
99ea506fdf48d0ada26bc4455014e3a911f6d7dc

SHA256
91057fd80ba3c7bccc7a5aa60f44fe5c489ad818d6b997135224de0d45fa0fa9

SHA512
4d50cd05573292d32d66e32430e6112b7965f7c03d5d9d6c7d41a677c6b84e0c8d8fc06b397f3c49338d430d7350ac1c95d473deb114c1d017c4b3ee92cd8a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f04c2bed03ab2558dda53fea394e74eb

SHA1
c3fa17262dbfb327cd15f8fdac5cd74789473e37

SHA256
d9c8c8f480300864c828f2115e4ad229d77a68e5561ca5933b363769bb37ab02

SHA512
ee9b85c48b8dcac2defdc3c358fd422e906da80b342163fe16096d7ddce49a2a3846d3d5228a0fb4e2039a2a8ef84ff9004038f9aba8bf81538e2e91a57a22a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7d512c5733e66b6ae2454fb3d8cb7b3f

SHA1
9ce51d3b946b549037d1cfe0545bef2b8d4a6337

SHA256
e8ef547a9d81a3b97e08a9981bcc4d3c7ec64d200a94900b9dcdc10036068777

SHA512
e92683bac25f9ea242b74b0207fe289f22e003853b6eb25b7e0633d6bf0dacf8ca916721a8065efabb8c597eb641ef27992daf50e99d6d1dd6af9ce5f1871e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c7be1586f103c9e5bc94e531729ca2a8

SHA1
f618f43232cb16d57e8e2ae5a581adc53c7f7d6b

SHA256
b7d9dc3fb8003d80719bd455edbd10ac48c1a9f721899a39248ed3a2e35ac2f0

SHA512
cca7c224898a3f8798b337d47005bdc60c8a1396282ccfc67d3413ffece0171fcdd68a58cd7a256d398272550aca1448b2cd977bc7a94e46a804e0d909b8b605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
698f8e72552544718c1e75f934c75102

SHA1
d377d4812b8f4bce021165c872749a3abe9ba8e9

SHA256
3ea3b131398599368c0bf3581ca8bfec5466d8bcd470b9ba28c8b764e6bfe2d1

SHA512
b63877af15766536d215f773b30358e4fe45f6f57e2a1388dc1a4e52f095dabb8221593922b70a3f150f9e146675bc497f7b2248d6c66fe92b4b741db0ddc141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
20cf812983fc3cbe6c9721ba16a73a15

SHA1
576c3e5b02615e540fb22995e3b2c095f5154804

SHA256
e9910675183ed13b8c2e9fe36b25a709474d31bc94e5854a042f40633347ef08

SHA512
d9f714b4ba73b749d6348ef98bbe87130c7642df5ae0701873bf76ea3f3aba5f1f04cd3ab45cd028b86c644e5b51ad845ff62a524a382ee3452708158c33e21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
27226aad7bba39a370f2b7009db6c625

SHA1
5c9d3fe4f5affda45867407329fd2aed3004999e

SHA256
317817e89f26541d83ee213d8ad53d7eb2371dd112b6127f9ed9c4a4a0a16cd5

SHA512
03e1d41e9fdc3ca088c1c4729718efbb8f241fff79dc6c2d1ba70357dc8f8859a9b0e4e0dfe4fb232b1b27a978a379d288266208c2f3177c939d00165ff39f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
868bdb00129c6a1001eb9f05a16bba67

SHA1
42d7b825a135d2127ab04957aba16725e4d4332b

SHA256
9f8274c17b1cc286f9f8b95e1e37a1a0bd4d2c1de6ef46afe6ddde8fb1d710ee

SHA512
ff6ff53607b38ecf5376c69073535e37fc2432acc1090abdd2b3b63302326086c26b7f65ad14f4d4b7c46b037090a786e9452b9c4953eb1bc569e55e7c1bee23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
47e04c495cf0166ea98815361fb7e40d

SHA1
ed998269e078f7df2e152614946f6327aa80f5b3

SHA256
319f063d0d934be815709eec75d3196b6679b9fc9da7c98046f776fd5261ce6a

SHA512
5fd7a2bb6a6c13222bdc3fdff67bd876fae1958cb32a1416c1f426f5d7cbf63749064301b1c95d2b9df91e263456f0d0c543fed4496e823a446a21fa2a95696a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
162754719cbb309d331c59cacf0ce886

SHA1
4a8f62c73f60368b8f422da4a67969b477d8e633

SHA256
e15c41fb10080b65f38b85ce414db68e1e4493137b55f3089199b785c2de37c3

SHA512
820ff2a1edbfdf0fe64fe54e45250b7da87f5c04839a7e6bc79b8cc458fb33abb59ab282ab07ddc33e19d916a0c44e53a7f5fe0b94dc27f997954504a6e14953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
efa1aef5d245a56168309b2a3cbab29c

SHA1
b6fd18323a350cf493a9baabd9ab5d837428db3e

SHA256
646205c030bc921cb46c0a3eb2bb0e6a585bc9ad86501b74228b7d3296e5f2dc

SHA512
f4a1f683e7e36cbf6214cf4ed2f5eca4286a0cfde3130a369635a85ade5bb8d55b3c65f3458d2df15477dd82861ee604973edcb9e1b0b2463abad4a49ee8d57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
bbba8b3c3724a1a9d06cdcd4d06d983b

SHA1
646be9d25e0bc7934d4b90a12be41dce781fe3c6

SHA256
353882f1606e97692fced7d2f36dfe86f69099ffdb14dd2095a39b0762509320

SHA512
e7286defd37ee9a87e5956b20d4be984c5baa873de81905baf2b0bf74c890287a63bb0e343a3a91e4437c7f9f6882b9e51838430b6921c0bb6ec4be4a09af3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
ec10f758ca4f88af85eee7e383ba03fd

SHA1
3c7258730e4ceeda47b9e0e29f25b1b0f41dd731

SHA256
9bf419a171d711c251d8d67340347ee1f6ce0f19f2270eea3a588bb8674d6869

SHA512
b7f26aa5fc6f2e016295bbe1d84586249f6c3b3623cf529b746d632269f9ab31b57976a47c8e8d1ad98f7610166ece86b119179f058b2945c7953a8215e39c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
b5a1472b076f530e3622091775700cfe

SHA1
c40fd5d1f3b822c42335a5f4853307d88b3f3505

SHA256
60582bbd7e735bfea65daa5f0138875cb9997671b1874b839fa1a94552b62e07

SHA512
07a202046f6dd973a70323da00c0b79dce8261d3e0739a28ab49d07e8f02d9a1da585dd8bd812fc8ffd58334d0dae4c2867f5cc13eacef63d8f446b566bea088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
89ddb767838f5cd6664417ee57419157

SHA1
5913512d0fb9b8e6847882e78b757c19a17e7fbe

SHA256
102dab1534f866c74e39b3d9a1931b5d80d9a6dbedac0a49afa1445460f89ca1

SHA512
97d0e7e5f00c9cef57b1c7063c729c9de1a884f5eef73f4277f8faf3cf5e7834dd978e7d3ceafcc3ce3deebe6536998d6c2bb04a574dd056fcd60822715578e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587635.TMP

Filesize
89KB

MD5
a4a5271f8aba1ac8b336240f0b256e02

SHA1
e6668c5f93f7174747037ec60bfe39fea2455cb2

SHA256
70d571b03713967650849bd8ad6dd26f5b1f1882f2caf11bf7d508ea6e03acb2

SHA512
fc2377119ededd320283fb5beb2ff7f7447a69550d08c14ff8e224a5f3f0caef968ccc2fa2bc75fd09032235af190cf514cf906be190e2eb46ee49da287babcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
\??\pipe\crashpad_3492_BQMDBRMORAMUYJAE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2176-65-0x0000000075290000-0x0000000075A40000-memory.dmp

Filesize
7.7MB

Download
memory/2176-103-0x0000000075290000-0x0000000075A40000-memory.dmp

Filesize
7.7MB

Download
memory/2176-101-0x000000007529E000-0x000000007529F000-memory.dmp

Filesize
4KB

Download
memory/2176-69-0x0000000009EF0000-0x0000000009EFE000-memory.dmp

Filesize
56KB

Download
memory/2176-70-0x0000000075290000-0x0000000075A40000-memory.dmp

Filesize
7.7MB

Download
memory/2176-68-0x0000000009F20000-0x0000000009F58000-memory.dmp

Filesize
224KB

Download
memory/2176-0-0x000000007529E000-0x000000007529F000-memory.dmp

Filesize
4KB

Download
memory/2176-16-0x0000000075290000-0x0000000075A40000-memory.dmp

Filesize
7.7MB

Download
memory/2176-228-0x00000000075A0000-0x0000000007636000-memory.dmp

Filesize
600KB

Download
memory/2176-229-0x0000000007640000-0x0000000007666000-memory.dmp

Filesize
152KB

Download
memory/2176-230-0x0000000005F40000-0x0000000005F48000-memory.dmp

Filesize
32KB

Download
memory/2176-232-0x0000000001420000-0x0000000001492000-memory.dmp

Filesize
456KB

Download
memory/2176-233-0x00000000014A0000-0x00000000014AA000-memory.dmp

Filesize
40KB

Download
memory/2176-234-0x00000000014B0000-0x00000000014BA000-memory.dmp

Filesize
40KB

Download
memory/2176-1-0x0000000000B00000-0x0000000000C92000-memory.dmp

Filesize
1.6MB

Download