49f0b6142e0911f7da3ced3fc246c07fb985c67d4827100384edc49e15626cf1

Resubmissions

27/09/2024, 11:17

240927-nd7a3ssdpb 3

27/09/2024, 11:16

240927-ndldlssdlf 1

27/09/2024, 10:22

240927-md8ngaxflk 1

Analysis

max time kernel
1799s
max time network
1735s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.belmoussaoui.Authenticator.flatpakref
Size

3KB
MD5

07a6cb0d64ff004e49d5b500d2a7be99
SHA1

044006236e932bdffa7363203b0d4cbb8d20970c
SHA256

49f0b6142e0911f7da3ced3fc246c07fb985c67d4827100384edc49e15626cf1
SHA512

765016e5e827a5247027cd5e191f991fc765f11d90ad6c7b59cd96f86acb6acbb552ac17132d2495dd60ab4f6c1f066b0ed5e1c8815d2878cf65f44af6a24912

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2864	2904	cmd.exe	31
PID 2904 wrote to memory of 2864	2904	cmd.exe	31
PID 2904 wrote to memory of 2864	2904	cmd.exe	31
PID 1992 wrote to memory of 1316	1992	chrome.exe	39
PID 1992 wrote to memory of 1316	1992	chrome.exe	39
PID 1992 wrote to memory of 1316	1992	chrome.exe	39
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 808	1992	chrome.exe	41
PID 1992 wrote to memory of 584	1992	chrome.exe	42
PID 1992 wrote to memory of 584	1992	chrome.exe	42
PID 1992 wrote to memory of 584	1992	chrome.exe	42
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43
PID 1992 wrote to memory of 2292	1992	chrome.exe	43

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\com.belmoussaoui.Authenticator.flatpakref
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\com.belmoussaoui.Authenticator.flatpakref
  2⤵
  - Modifies registry class
  PID:2864

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5279758,0x7fef5279768,0x7fef5279778
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:2
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3160 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3688 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2684 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1792 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3224 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3864 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1548 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2560 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2724 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1852 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2596 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3736 --field-trial-handle=1316,i,3546062665360019791,17072201193489183306,131072 /prefetch:1
  2⤵
  PID:2644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18e689d3d1612a694dda5d4e5629fcdd

SHA1
aab4874b95ae95e06a87eb48b0abb82399798bed

SHA256
0408634da4a21163a58fe593d1f109018efac410ac820899e9ea3ca633797f69

SHA512
25e1d41d752c570afbd9a6f7dffba549891d0c8ef936840e8292124b89a86491cb903180acd6f0f0506f0501381d94d7342de4781521aac95fdb2cf50f69730c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0f4595f8da8e2386976d6c708ab8ab7

SHA1
07e10ec9be8585c26ce0f8b42e3896ec025254ef

SHA256
d00e359aefbfad46ceb2cf6d2f8823887ffa79b0d75e2f9ea9dc597ba7bd7479

SHA512
6f882e6314cd05992f35ddcaa2db48a1b9fec12f3ce5f795605e8295c5b098e9ae21d14944efdb1c01aa1649c933f0d1f41a075bc4bb7b26efd57d0b49de18d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
dbb74f17f882c76550d48de0ba3663f4

SHA1
5588f567466d97fe9942087b1c519d2b656c5218

SHA256
4926d87f3aa10435e11a417f901c7ccc8b415cc3d6bc3ac7ccba9ee9b1192786

SHA512
6710f0d865e29d0ec2849bec87db312fdfb043418a1fe6d484955e36670d370586df4e260c50a8165444bbe706d4d9c653cf8cff8c08b68807a09d0fce4dfe3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
cb9e26f4fea213700f08b2eb9230711b

SHA1
cfef27db2450645d1a881d19ad124dca8f3f6f7d

SHA256
cb77fb9818d25fc804b29c3739078d7c48e8ff10b44b1930417013e946916cf5

SHA512
38f32012454f3d9a56de355ceda0099cdde9cebc462d158f6dff689f1cfd21f043f297aaae84cf736c2521a12f765020a40d020e386e37be67a7d5855633a3e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8af43e1098351fa6781da229140f12cd

SHA1
908195b28b516c1810f3d85e7db3a2fb3f416bb8

SHA256
614c2c6cda009a9cbedfd997f7bda6378edc7ea5eb9c9a17cecf0a19b8c2bbe2

SHA512
6b9f004d4d4426acb66ff04ef8a12303a691396fe3da69e447d98bf475ae45b860e927a4008804d04d97d2f5265a830eee36ed364dcc1f8db816525fd652a00e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
08fd8e3cee55d332d238d479953a6d62

SHA1
90802d9c7a18a9a75719f0181c2a4f4eb277465f

SHA256
b920950f2f90c8f2c4e4590ab99bee0847beee447f6f6e28b6530a6d218bb63c

SHA512
5dabbd3ac0846fe5bc1d73a753e1ad41877d8a220db4ee892da1322f509318b5a3b2a7d9a9824a5da812de6da463f7736671560d8c6cd565aa0edd188b34b5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bbb4cbab7ad4f4924a047f527423a6b7

SHA1
fbf6b1f5284246e6d5b640824cc21d8c1414355e

SHA256
0f12dd605e9af836d632c5ff60a148a05a43e0cc4df69310d18d3b61fddd6f5b

SHA512
13b27f29540ea51ea63594ca82a6d2aae4f390f7908a290cade4f54a9e59a27f29bca1a21a9c42046e702ee863ae260d9b29b209517f4ab521c1dc3397892ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
dd4748f5ea054f327b3fcdfdec41a0d0

SHA1
51c1aa949199d5bd67e854270d914c9d575f20b0

SHA256
bc9e9045adc72bb059b1b3143b1ca9cd736e9a4a37bc857d58b3e220516b193c

SHA512
9097eb8e723f27bf24ba5b0ada0a81f5c44055015fc3c7280e505172d47e70d4ca4a273fbaaec7f077df8ae8a2b20b5a1c30c42d21e982495ba6cb3e5863d210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
1d5f211095160b4bc34472da5bc6df68

SHA1
81b22f158ad52b9a29240396dd9df08e3bf0a771

SHA256
b1a91a88eea26f79fcbbdbf8008d99a48ff4475e00fb43b2a8cb7c596de56101

SHA512
7af641ceb12533f2489f172d1efff5fa54d7bc62d00c508861be4000ccf9a214041f2ac510e0cfa8d90f343ad5398cd6d65ccc9835ae371df5482f277f8d447d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
48a088221d1c75be4f318818dd6d86ef

SHA1
6c9f6e1f422cbc6124b3e92a22e7ff9362334405

SHA256
b9ebf9d2c7b3e775ba7a5e090e1cc5c6ce12be0a94e68c36f570eb691050ebac

SHA512
a152b6746f53d3c81b42991141c457d06c1fd9720144a52ce9817b7645cbacc6f61ddab4b129bd93f316940a1b9a9c3c836a3c56775e2d06b60c2fa2418c37eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
304dc64ded041bbfc69cce72575dfe08

SHA1
3a50fb2526e1fb6fe221bf56d96066f12b101d32

SHA256
5c90a65d169cd11209cc1210b817cf2bd1f714c5e1b55a12a6ef2948a2b07138

SHA512
e07818dc5130dc3e158b5fefa0545ff7cd8fe131fcb537ca0b8d65689fc8bc316b37683b67b6ca58d5e14c76a576a902a31efbec18bca03e0761753929f547b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
22872fd8f2d1b4ca32478d15fb365708

SHA1
5352e7690ff151354098dc07d77aebf16c7491b0

SHA256
a7157d6bcba45fab2d3d95070a4255e56716f7c19cf5d78be32fb8d03f12f43e

SHA512
ad12c040f8a6bbccb1a86e0ef7d022c28fbdb29c29d81df1e23b084f01cf4d8fc592c2d2d370ebe684c8a38d1db3ee2506cde813d6996d4aaa5b565460fc2c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e2f5358fedbb9939a4884109c6b79cb

SHA1
4c8bd72fa1dbe267a7bcb91d4fdd88502610474d

SHA256
30d786bde478eb29c92efa2ffe53f5138c69eef3705f9a9f6912d0de6ad462bb

SHA512
f0ecc4ead28e42624f3b17e080c1e3f631b9a0f42c06ac55ac3022fe3a2752cae114fe57f1546834bce390225902d51375cc31b1441b345cfb88f8b0604e2f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0090acf62761b7dcd0a9afd527c474e

SHA1
5e6318e979733d54b2a2c910d98939ffa247d0a0

SHA256
a2fb7da65379cbc318017f4027ac1e7eb702c6fcb2eee32abdbf8f1a859942e6

SHA512
19b9b7ecca8f95fcd640d3787223fdb90e97f29870263dff76bcdaf5ea58b989ff7133f179307165b49441a7748f9165acd966cbeef0dccff3ff3147e7c0b31a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed72bcf45ccd195e2c149049d7649c47

SHA1
ea429c4c1a343e3eae39d30595ad1730be607951

SHA256
257e1ae98d01200e718a84d8ce12a87977e85b0bb5c9cecd171b65593fa3e18d

SHA512
35e62b5f9905f8c176b17be7d867b4cad2232b71dbd469dcf3a13f5ffcc9ce66acb15eb81cf2e72fbb3509ad1c5dd3c5f6019c1fd7ef8b0e5c018e3d08d81b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f5410dfde8745b764c5eabc72acc3f74

SHA1
3a34f7851d0278065320b44219fadf267e961958

SHA256
e4c6e259a5c4b673b4eb502d8b56d1289be496d1d7255813c61bddb02b02c0fa

SHA512
9641b2565ce80c47802a194cd72403861791e97a76d067e5bf8b383e8db28bc29f322a59027a9a318a05a55dae5b954ef38fbf4d4cdad97d7cbe0f17d579c0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
328KB

MD5
9b0f082f03bbd5aabb726ed1cab910e2

SHA1
e34ad987eae377c5bbf6349fd84f8045ef8bbdff

SHA256
a83cfc24c8d812d998e5172f75a43e1d4a6ca6e41bd1cdf066b6b7971e5af810

SHA512
dfab325ee6419a346545437cc3b588a325716a6ef1dade485902a5e07eaf49c526a85e00dbbf3e99d877d85a13ea8bb12b2851dad8e9401880fb84a79cc2d9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
328KB

MD5
1d2a142e3fc91edfdd8c9ea4a89fae72

SHA1
7d6ca5f8401efd6b1ea2fd291f050e4c2b20eb40

SHA256
fa2d27354a8ae7d67e8adec0c0b2e0d04f58867bf49aa26873c661b1b3474842

SHA512
b5f38f21f1643d5a2a4c801c967c7c12dcda593533037ead8dcbafc77179f273942d0c11237e617b7ba1d7fef7b1dba2544020af194954949fdf241a3bc8cc42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F4D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F8F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit