hxxps://sec[.]212-87-204-116[.]cprapid[.]com

Analysis

max time kernel
299s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20230221-it
resource tags

arch:x64arch:x86image:win10v2004-20230221-itlocale:it-itos:windows10-2004-x64systemwindows
submitted
17-03-2023 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sec.212-87-204-116.cprapid.com

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

94 api.ipify.org
99 api.ipify.org

flow	ioc
94	api.ipify.org
99	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133235280003738010"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4428 chrome.exe
4428 chrome.exe
3852 chrome.exe
3852 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

chrome.exe

pid	process
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe
Token: SeShutdownPrivilege	4428	chrome.exe
Token: SeCreatePagefilePrivilege	4428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4428 wrote to memory of 2120	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 2120	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3532	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3068	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 3068	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe
PID 4428 wrote to memory of 4124	4428	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://sec.212-87-204-116.cprapid.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff07b59758,0x7fff07b59768,0x7fff07b59778
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:2
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:8
2⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5024 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5380 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4988 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5744 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6064 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:1124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6056 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5760 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7160 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7912 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8368 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8092 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7972 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7940 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7924 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7904 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7292 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7620 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7480 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7296 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7148 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7008 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6848 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6716 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6336 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9916 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8668 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:8
2⤵
PID:5424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9752 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:8
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5884 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9416 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5156 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9636 --field-trial-handle=1812,i,17491881085701348413,16228524561123346068,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
84146f89d50f821b0f202c5f24d21343

SHA1
eb7c3a8ad864caa0dd10bd0add056df03202579b

SHA256
c6546f289794ec2530ef75c97b192f33ae5e8e3ae1cedeb14751cc3c6dead9d2

SHA512
7a83d9eab7eb46fe2cce794e2bad4ac9d98aacc3b4b736ffd4c9a543637f2150a4254eda4c2d7adfde98ab0afd7006e6934c81f2c61ce575bd3702dc45747d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
6c598c72b4ea5205ebc4626d457e94dd

SHA1
02be6acd281f5c16cad87d46f2c77f412d0321a1

SHA256
f7673c3598adf277445706fbb275aa7a1aa1ff9f5ece4acf9c223723d6dfd405

SHA512
6b3bac4d5d0530387d179998fc1b7babeedc803680c7ca49e9a011e3e43088bf3ce3764b5100f5df91d842d736670397118b2f30f19477b63d8f0d2f0889c405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
517f49a232c5bcb622c34c55dd8a0e0f

SHA1
1a8ff32dc1e7927b7169ecc869375e81bc1dc8e2

SHA256
846cd2ac70a18f1ed1b7ae6d642cded066acc919606bd46796002b76b9a78d0b

SHA512
d71e3403860a01d6b9533dda89e28ce3ce8e476e28970e3629e2fc352dca0aa5966bc9526a8c4a6591efaf358eeab70a28c624a3760086b9f03bf8de89a5b601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8ece7da1d44eccaeb6a6dc843dd7f78c

SHA1
b21d8e7f4386d61e7dabdfce7f5dd370dc2b7b53

SHA256
4ff94553e6cfc6cfc1b9341b0ed7f5d9a76c130f80f235a351f8a29295efd4c1

SHA512
a23e08919794a07599d36f541c0ef9ca65977a79436c2d9d893ac2b51852cef87e27fb7c3f94b0d4301ed2e9ca9f29a3291780883758da2001b25f04f1c1bb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8fac754fa481b0eeac47113e07646182

SHA1
d63f693997c3369200b6e5549b9ca503a628e063

SHA256
6b91d230b411354e74564e5b6512534aa9bb970c69cc8f7e8edbe5b9725f245d

SHA512
df5ca0bfe40be0c7389a972a9b60549109b791a6edaedcf18772493bce33c954c95033ff7d7d88cf542101ee6353a9d478c500875f7909cb8c779244400ed0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6439abfdbfa1085197cec8c3b8be0ce8

SHA1
6a5d1b45e875d912fd328e5c91e6736ce9ebd7ea

SHA256
747fc1df80e9bac45a98c5b403673c339d9aae074f03d6e6a0ae978888cae3ff

SHA512
532b8d4e681713db3bbc1ccfa193c45c8901b96fe4f6c7e8d029a3f11bdb4fce1d171464d16137aa38514efb0ab88c118d611a397c0debaa1216a05bd7f29237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
89366b9bcd67f60cde9ebc84a03c337f

SHA1
a17b715fcb6fc32b3c16646a67ab37800eb1775a

SHA256
de5c143783983e008e5302a5efc44d7cf608fadab2611653766fe6b95447f73f

SHA512
a9ca30d8091531ca3715fcec42ebf3a4a39df6e53d3406ce3472e3aa186aea9c6440b2936fcb26a2c6e43590606f34f24e2598d2844a5e83fbeeceeda0b1128f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d1369dced1df05348941d8ad5c6fba67

SHA1
efa441ecb78a6096f48a700ddb6cb88936e1b359

SHA256
5105b3b7d93d005b01787b390f822d1537e739389497f1935ae470cf16490b8f

SHA512
7a237a97ffa27188b8d0d4f9e7678ebf89fda2f2b55bcbde21545eba23939844739241df9206dd6051be07bc383b378ddf812bedac5831085d6bc25fe48db753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad375983c8ce76a62c7c6204b3add848

SHA1
3228f56d31001b09ddf203a9ef53d236e4d767bb

SHA256
43aaedbf34872bbb24fa4b25c221b898ec9d67d35be40c9fcb0e08ecc34a0f4a

SHA512
6095f9b015a699dfb5a542741aa0d1ca20da2f817223814f6f85a2d0937e7e54645d51a7cab1ca37bf844eee10c4e0e08ce58225c6f9c0a464f224089af9b878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9f10507302750835852d7a1bd388cbe0

SHA1
36841af788ca7f24ebd7cfd08b81b93847fc31a4

SHA256
31a9fd1894ce4c9688a6c5e7e07a5a48804ba8b491f3df8e7bdb2ac6f9794871

SHA512
cc62ffcf7ab758e0e70e0feab764796bf6c3a6dd30de34d952e8b497291687e14a519b44c25dcd0cb06de1f9ef82f1cefcc6eb5f63dca1b4a2dfa139f92cfe90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
e346ce857f86f235990a98fe0e04582b

SHA1
67c47c3f158f0de901d8fe295da251a7d28e4dd7

SHA256
b3e6841f7bfd9582a700287cd71bd18b60b562ce06497db1a9f429962c52a5d8

SHA512
74fba80b5ba88d9ae5042d6d8ba99f703a4e8d2cd4ac13ba4c377311c4036e4abbd4d10d6a21b4cb71bc4d1d3675f6db145ef9e0c7a7b7ce60dd4d48bedc6774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4428_BLJMHMHFWNYAKOEV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit