d50ad141854cca0a356de2c38f533ae4e87bb9379d96f656f12fb75c94024cc8

Analysis

max time kernel
1799s
max time network
1716s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
02-07-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Visit www.pesktop.com.url
Size

122B
MD5

ec78904d048134a63c41a2dd63a5b201
SHA1

31423c68a5d5a9401a973d2cbd6c8d84607821d6
SHA256

42e647086d0d6d89c283279ab7974260ed242b0b925d683c8856af8c004ea430
SHA512

e0edfec56103424fe78d6e6d32ae80c91369bd2327753c970ef778ac585467e31a2413b00a46d569b256b3b81fd005cd69167890714fb50384722c1a0cc5e861

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643578972060089"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
3432 chrome.exe
3432 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid process

1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe
Token: SeShutdownPrivilege	1776	chrome.exe
Token: SeCreatePagefilePrivilege	1776	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid process

1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe
1776 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1776 wrote to memory of 3324	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 3324	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4624	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4844	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4844	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe
PID 1776 wrote to memory of 4480	1776	chrome.exe	chrome.exe

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Visit www.pesktop.com.url"
1⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd12f5ab58,0x7ffd12f5ab68,0x7ffd12f5ab78
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:2
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:8
2⤵
PID:3680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1524 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4892 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4092 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2424 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3272 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2028 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3284 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4092 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3832 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3328 --field-trial-handle=1784,i,16776577673998293386,669928790862494853,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1edb2f2d-9e28-47f5-a67b-4c435ecc3cb6.tmp
Filesize
257KB

MD5
d4593c547774c4f3a0bec229405367f3

SHA1
b6636fc1e90171dd468c763bd088904e9976cea1

SHA256
23a51aeb69a5e24872e504ff2d977e265f05233a2597da392b92aa933c6e13fe

SHA512
00d2e2abda098688a1ee792ac5e6eae052b6274a8c8242599bdcf75930250200936f1c938e89725b6b39226fcce2200907c308f7aa410c4feac441f0608c52f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e1b5825ddb76016e731ce4b1f350874f

SHA1
d641294c929dfed6f17bc741ca5b2229d181639b

SHA256
ff66869426b0b13287fd5f5f1f28edd322244eb3b568a0ac1579a9e94997a5c8

SHA512
4e7992dd18720167c891ae54410e24c3384591ac461101f3ac2dc5fa67ac2a2659232d5569ef495ce1cbc984738c6e04f598df49e1b17cd9f5da18759ff1ddfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
18cef4b0e064f7a4941ef611864200b3

SHA1
80be32d87fe54d4f1d5e0bd429d7efb8ee0a5adb

SHA256
0469b9e83bb389605fe9307493e403b2fccb24b68a322e7af4eff8ea2adf7194

SHA512
556f7f6f2d70adc3be05f40653448daa0fc5b227dbc161e99f74ff5fcba8339871d53efefd0e35a98c37b66cbf1a3ffa1e0cb99c83c8f0caec4dab78013e53c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
8a7ac94930d209501b0db1d175b833a0

SHA1
78c30f85d70459464e0a0918b62b556008b65642

SHA256
068a00a89cb7edf68c2864a3f94ef2cbdda9337f83569eed1aa9e1d2c05b4fee

SHA512
d7409fd49bab60df6a88133fe072fc3b77feda45656058456a4fd746e6237a278d98f9877ae731b89bbe441015101af6d96803ca57ebf91fe7e430ddb075b70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
86KB

MD5
05f74a00effe0b3211ac3f53a92e72ac

SHA1
8d494feb310d54c42e25856b81a1750d430e5da5

SHA256
e94d67353c61ccc8b3b0b29b16ec4b4ea573c5e2ddcd8322aaaedb88cd10e8f1

SHA512
f6d4f3db2bb9240bdc51412ecdef69364cc5a71cb936ca77d202b9237682efbd24f3f1f0044614dcacbdae4e43164941fa570976a664f6b41410d55744bc65b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586f20.TMP
Filesize
83KB

MD5
3bba1399dc975b046d7ed68b5ed2048a

SHA1
38539354fadefb083b4296ce188f25a9ac63f0d3

SHA256
d3d6fce51fcdd7ab8ced46202eb709d21f39adefa2c847ca514d2a25f695bcb8

SHA512
5481d59b578109d59ea55c8e6441ead754b37cf07b88f6b9932e314910652ec5fbd67fcf204efc02363db2617ca03c217ab0a9773adb57ef67be197026a21742

Download Submit
\??\pipe\crashpad_1776_HISLBGTUJOGBBAIM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit