hxxps://bit[.]ly/3YL2ILa

Analysis

max time kernel
420s
max time network
421s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2023 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3YL2ILa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236420761230597"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2180 chrome.exe
2180 chrome.exe
3204 chrome.exe
3204 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

chrome.exe

pid	process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2180 wrote to memory of 1664	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 1664	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 232	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4140	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4140	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe
PID 2180 wrote to memory of 4060	2180	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bit.ly/3YL2ILa
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe7ee89758,0x7ffe7ee89768,0x7ffe7ee89778
2⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:2
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:8
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:8
2⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3340 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:8
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:8
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5176 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5112 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3888 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5132 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5124 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5260 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1604 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=748 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3592 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3324 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2760 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5248 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5300 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5340 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:8
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4708 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5140 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5148 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2760 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5060 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5024 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5336 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2784 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4828 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3364 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5276 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=1472 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2380 --field-trial-handle=1828,i,14319013945168539745,15552164300182736099,131072 /prefetch:1
2⤵
PID:4092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\83595388-668f-46a3-92ec-a87d8a0575b9.tmp

Filesize
10KB

MD5
a41af7dbcbec62e4613363768d00dae2

SHA1
13d7a08b20a8a4ee168275de2f1b9e55fb5c85b9

SHA256
82f94102719ca78b4e7e5166a0b176801be82e55bb4bfe6e7eeee5e1946e8676

SHA512
db565be8bb7b88348169f18a7ca7afb24a3ed7199a95659a9c445acb41b4b8d64fc88de90076f9c75ca05c0176364f0ad44f86aba05d56655b0833fb25c8fd9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
742d9ca5cce6568866d9375b9b4266cd

SHA1
96560c8e18f398a0c2826d3f8123e01ddd70143d

SHA256
cdf86508469dc54a1a890517ac310645c7d71b3f18fbaf28d10dbb6dcb5a3d2e

SHA512
4eb2783ff4d22d0198b21565f94baaea97e302c75be7b746a201e0571badb0c751ab858fe9e2b3121137ea31d6e9dfee06dab103787d2b2967263360dce62a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
49d6111cc5df840b43d4e3f3690fad25

SHA1
35cd486ad13c45c7a8be560286d78275beed6e00

SHA256
478720012244e91dff13aa752cae0e92ac93c09b9b6e7779583dfec01263ca9b

SHA512
92986e0eb929d41701285d4d0ebf29b204d12b8ebf59bca3fac2dd2014f745e521431b97989aae67133502cab8130450791a78b1071d1d5e08b68b08d7cc7543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d077ed158a58fe1a0de8484a5f81487

SHA1
88be731024f368885717f57bb30190381e1914ce

SHA256
8d4540a2e1308fe19e79f491b1a70b8662871b7a66152815e245679d187031c3

SHA512
4d13279674defdab41b29f7af5c3ad874910dfdcfcb4d5d183acd0a0c2320f38bcb4e8ccf56f3e5ba64930eab7054afefb583d7c4b75c06fa0401f45da08030f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aed0628f0b486e130769fd748a3885ba

SHA1
a4f1eb8e08b43750e9bffbd46c153ca289b6dfec

SHA256
0aa4bc55a0202d7323ba018bc709cedd5e41be06c7e2ec8a6209e62d57ed2676

SHA512
c6b49565244b0b214038457b038ea9df8433a476b7c9e8ead67856c3db7128a1934322cb239bd02528f3b07dc1b3f0fa90859b6e5e08c1f31bba2c52e5f4afad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2bc27b07dd5cbca88ebd070401380f9d

SHA1
7fe11f2f826673ee9f967e55e997331e93120930

SHA256
a1f875c0a4e8e5af3ce09cc0c9f8de556fba549007b11ea375386cd7454ec1c2

SHA512
bfa9ceacdef885803906c97aa558e2e48b5c6185a21fd36d390c0a23cd80949e8d59d1e80c1d283fa963586fdbf584b6191d43723b52efbf59a6c5933e6de1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cceb71dcdddf0914acc1a701d1a04479

SHA1
a68c5fb48b3727112ac0bb6763b5cc7fd6a68b14

SHA256
2b01d28a2bd60bb92e98064bacd6b5c9dd4109d0b8091fc9d62e41e7a2700db2

SHA512
b83ef19e17338665d6824f3f1a3977fa29926322e513de926d0b9a300346bf80b4c9f9ccc1d1ca0da85cb700803009157ebd9a9d3fb58f6d8b29934bb66ff905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14096b19610697fb183c67353a385499

SHA1
a9747552d3c0bbe1b06df7c86632ba80ca305f3c

SHA256
0c5274a232bd5ca445fbfa8387b61fa5890ded358c650f3de4cf0f2ed1f5c879

SHA512
78087561fba41ad910c5a14918b03221176a5d494e2f8a0f5ee6eec54ababbff69e4a0f22ae0a2ced56ee2d91f816fbb8d037ce57d0ce224e4999a3f8f31a7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fe9e161e5b8304ce4a791595b40a389

SHA1
9774e1bb7022ffd6cc0f7c70fc3d69474bbd5674

SHA256
dc6b349d49e208ac05e08c0beef4297ec06f07b89f3157807938459e0a1d9e0e

SHA512
bb8e30d675a9dfbd6fe927e14280980807119e75f43a583b23446b6300fce9ebe31450a05f8ed87798e14cbeb63d99b9d6daf0ed82b96b329e99d11d240b5b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc8800024160823abdeb535f156ebd07

SHA1
9264e07bf40c82a46f65aa44ec57c5cb36dc7462

SHA256
2fa034e9e10d09f88f5a96825ef94bc3a2f30c125951047340d0c76eb8cfa7ed

SHA512
64f978f3d574041e226564425355e7a95db4d78d3081365dcf323d146dca883c80390fcbcb891008b0c0b950cfcfd22d5ae83f1bfedef7640f22cc6b561fbaf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5354d3bd722194d74fce9d77a4c9eef5

SHA1
280d958d1302ab648436ec3493aa559d0767ac59

SHA256
ddabba155b2a11c1c8b21efc9d6479ff0ba7b66cf90b473e91003f5e9134d634

SHA512
7da8b73bfa176764848940efad57e7ebd985853824c5ba4df07ad181516f0f6f9bacd052e37323c3432386ec46a930365981392c8d947e8ece9583ff50fe8a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c52340510de175cf0a3600ca7d948195

SHA1
abad70911dd92eab21b8b930672370ef3650cc85

SHA256
32a4467f7c73f2a35e1e1773385867d08f2d6d10fdf38cfe293d622fe133b942

SHA512
77e186dacf350445098d4ffef795d5e5b1e628ff6636bb9d995fbed6d54758d5ec68d9e9dcb981031bda2bb51278d877367323692547317abeda4403cf0bd100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a58922790029459a4c998a4fd58f2039

SHA1
bbeeb35d1a35209135521e20f05751c5567c8bc0

SHA256
545538d95ffbc57ded974fbaee6dc7bb9bac5ec5bb28f66b0f60bbb9b58278ee

SHA512
b7e1882816a9d34028dfcbc884f531150ec37d0f1e62a34285e22ccaf0c2f092abc1e0291393659b97208eaf986ab7de217bc0d57cf3be330c30e24423b7fec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e083e79819baf836822f4e753c55eeb

SHA1
092b720c941ed48a50a5e542d797c75f2e378db4

SHA256
d676701207f96ba24ea634a130b6d47847f36b397be7987989301bee620dc77f

SHA512
dddbab9969aad65823df623adf0ab36162469d5ffd671b36615c3a68f6ccb27176bcfb86783180e4cec84fcb90dde750f1d909ef7b77aee7e665a226b88d96f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e08022b5e1b43eb81b78f5f9265c22bc

SHA1
83c84372f7a09add602c1162e4559360871ed510

SHA256
573b1e2af88b9783770aa9dd3c877e213b58f571c4846b4363aa53faa6416453

SHA512
b16227baff4f79ca1070e59b0d20f4fad95ae3a7353852a610f623499a0b6cea57a10433c10d510fe0f797bd4f1d6e6e5b328e7999275543d62eee5fbd6631e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
b36714295b55e25d82ff3b96ed1a1811

SHA1
08ede6f41bed03b396ecbb4ec742756815f4017c

SHA256
11c1ea7ad1b8a0e0970cafb2b76c95ff2048bc24a0390408ab69ce70b8bdbf11

SHA512
93308b14543ad827ec4dee5f9954ff71450081c178bf3e2905e34a64a729e620019ca252967b056b6bfff7d58d1df643357be93d28b9246b92b9a11137897a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
6d0351b98f58b2a3500097f9299386af

SHA1
e6bae7fd093b8f807e9de76a28a5c0938652c2c0

SHA256
6c46cc67dd47424271ba69a87b4538d7fb6c5a6ffb0c15e3b4bde0d69d46ac66

SHA512
aaf7b133d03a60c34d18a014a84934401f6a8ce5d379428c65e285aa90302c96f01bedd94a73e8d825d59bc8747384e01a3e333995aa4aa9c12acf5c9a140935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
e5b910d30793e2af02e438b43cf47702

SHA1
9109db84ab39e52de3d9f0a2ac427e29da8f56bd

SHA256
6a736362595086743f78229b9bd982d3ca0957e6d0fabebdf68596e21f376aa1

SHA512
abd657c141c7dfdc9bdc5d05291acd027208cde8994f0c06e3aaa5e4e4f8f2a3110d8e220976d6d3526edc156ad1d7d34bcb167ee9cb17ddd0686572ee180c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5905c3.TMP

Filesize
101KB

MD5
d084a31c79082e39a296a31525561fed

SHA1
fa8765818af190004ce731ee483733ee4a796369

SHA256
d63a49541a434ab9fc18e3096f4409630e9b21cabf35f1c75d867a71885ac3e9

SHA512
00c189037dcb9eaf5c1cf531f2a27609f169bde8e406cee8f3bb18faaab61b077aaa0112220e7d5191ca310a620366015507cfe37095a82fefb7c340bfdef2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2180_LDLIABLZGVRBRNIS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit