hxxps://lsems[.]gravityzone[.]bitdefender[.]com/scan/aHR0cHM6Ly9sb2dpbi5vZmZpY2VvcmllbnRlZC5jb20vVWl5U3pRWUI=/9316C23B5999B3E67AC7317CC43A75564E3FB856498C6992CEB1808C11CA2B95?c=1&i=1&docs=1

Resubmissions

21-03-2023 04:45

230321-fdrlmaag7x 1

21-03-2023 04:38

230321-e9xbbaag6w 5

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9sb2dpbi5vZmZpY2VvcmllbnRlZC5jb20vVWl5U3pRWUI=/9316C23B5999B3E67AC7317CC43A75564E3FB856498C6992CEB1808C11CA2B95?c=1&i=1&docs=1

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238507674067303"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4960 chrome.exe
4960 chrome.exe
2552 chrome.exe
2552 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4960 wrote to memory of 4148	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4148	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3084	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 2100	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 2100	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 1160	4960	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9sb2dpbi5vZmZpY2VvcmllbnRlZC5jb20vVWl5U3pRWUI=/9316C23B5999B3E67AC7317CC43A75564E3FB856498C6992CEB1808C11CA2B95?c=1&i=1&docs=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe6449758,0x7fffe6449768,0x7fffe6449778
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:2
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:8
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:8
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:8
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5408 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3412 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:8
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2336 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=960 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3212 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4804 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4484 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3860 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2340 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:2424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2208 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:1
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3300 --field-trial-handle=1872,i,6820206294952946537,12977711483523548736,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
111KB

MD5
806286a0f78d08247365c9cf31baa7fd

SHA1
5cec548406790001b9943cbec3ddfea5f9e4c9c6

SHA256
828e6272304ef87e4c83ff8e0d3f116049b9c054933087311a684247c53ca424

SHA512
e422fe3d1e9d34ad68d6437d72935b19a51dc219b6f444b074a02801d2dea79e0b6cf0c9fd478da4e618fc820770abbdf2a08a89aa052a3e89e29e0ee0e0d43b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
31KB

MD5
390a7cc327b3095071c65434a0d1245e

SHA1
c50a7763572a3ac723034ba89a57ffbca95bcc95

SHA256
498007bad4b6cb8564015a3b9013e251bdd75da590a1d500bcdbd9e745cee855

SHA512
bbd49579099440ea4d8910b0a43bf31cdc85c02995f515478f45c90beeeea1017bd21daa3d7bec3a732ba71350a0f948cfe4359b44638b6c601e3db4ee91a25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
34KB

MD5
50674b9cd8d0d8036a019b5cca800e0a

SHA1
a8e5ce6fd5adf000d1b79b5c457120dae503c93b

SHA256
b30336589d1bed274c654dd538474d6e1717250752079ef3992549eea2cee844

SHA512
6c68b543f5e57bfe6c9da9aeef56448542aeafb03c2551da344fc056b1f27861e6db70189e48b5d29890e342246e58ac92c123200bf3ba2b16abf8b3b6b8fbff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
372fd92f3b1622b3542dca70180cc66f

SHA1
4606a28ab0cd2d6256d58dde950ac295eebe9c45

SHA256
e6922550ecab464f013f9cecaa17093096f7a6a3f2e2c47ef2ab07eb3a521772

SHA512
b56712459d450233d0f79a8e5d94e557c6c48416600e073189fef0b14717d675dfb850972c63631973256e861b87c7c6a529cfaf68235037e8ab02cd9f0cd572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
9330d5d2018a9cf6fbfcd66f02f3b051

SHA1
b6bc0f5d9ae8e928b8e16f030c46cea24f70606d

SHA256
225c6473407ee66490e4b576fee8e1bcb46c2cc1f5ddc670a6dd4610231f61ec

SHA512
56bc639192ee50e1d61433c3851b5101ecdab81488a020799350598dc62394f0b450cc6efe908bc30eb8654af416e089a2d7df5f30c93ca3c48d5e64a6295a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
143eb89b19a44c120748b7d9be4d3d65

SHA1
72107c68ba5f6f009ed881e94f869e868a08d99c

SHA256
c509eb3fb953ba12ddac03eef5c449343ab4193be70dbf39f1796f770de141b5

SHA512
7150d12ede0def30539736b0173dcd2cbe0d6947546bd9d6ece6eecdc7b1d899387b3ee99ec98599e9e590eba734f3f4a38642d219e9289854df153e25580537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
477b57c3b2b29ccfc696dbc40e9e2e41

SHA1
0df52867be7043b88ac6d53f0616b9f79526e9d0

SHA256
bfdac6b91ecbeaf9632779ffb82a65015ad60f49d37c5a515195cd1a158ea1a1

SHA512
e477c422b48b253555a99b078184758816620368493533163d11b2dc81b8ffa944c3e2e5a13f48176f1f3ca7a3dbcc4f24a747c87a5da59732b92316950ab26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
920669aee64d115651e61abd341c136f

SHA1
ef070859ba2ff877e4c563cd3fecfea7258e306e

SHA256
0b162118afef0da30a76b7791d1a40a28cb78c27a48ac7288ba8aeb2ed659057

SHA512
620212c1fcb0113897a10bc68e90fd7db77d43eb5692ea87f88bcbab06a0941da08e20804a0a8b39b40172271d62bac5839246caaea0fe1beae7d9894afab2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
904cb58f8b77bd69fc34572f56d2adcb

SHA1
f2ea61511349959f8d48efdc3549c406a1ae6990

SHA256
2fc06595a6d19015d22f130cf7d08fb1d33ed2af04e697affaafe427c2ebd226

SHA512
0e752c4f6d268150b9b30848e95f7c3ed431c853e4e9542d75ba558cb8bb907aacb343ca6901d733be319ed416cd18cf5b01a8c38f5f913e82af8ad7ed009af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
45a3111396e195f5384fc33e5990acf4

SHA1
8d74dddfd10b70cfaf1f49677acc423887b73b3f

SHA256
2b34578ca7ab16335a1a37ef4b3ab957256d9638adc76a1be6fc3ed38e38ba69

SHA512
afd7d7b36df788c0db74f5a484b20ebd2edb55e25e470082744f952383694049db0824a8a42d4b1bbedde06b5d57e9d001ee6392a8b1a3f9c079aa0e2dba8239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
56e9ce86cab4e5b66f33b5a6a0aad3d1

SHA1
262663fae4aa158125b09e74718e60b8b1e33050

SHA256
265ca3fa2b50eaf29d2fa671a0a8992a2bc46ee2a90f51998d7209e3477a48f5

SHA512
c6e01657e5c929ffc355da622550efaea7795e5a6b2b3294d7e2c1d947c959340d7fbe153dd81c04caba3352590d88a85b1e93328b23f0471d8cc9f4b711485b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3beddf8702bd82af4b21867cdb4f0a27

SHA1
e890429c9b9e0c67d96f952c83a5c31122c598dd

SHA256
60e93dbff7798ab92811c361db586f66c65f737f382e3e01973e2ff7c6bf5019

SHA512
6c9dd0201695e47796a711575c3758fd18f69d1965fc6b8027f304d755fc40c198b436b33ade50d416ea05f90de039aab963061a2e109bcfce2e7077e604d1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
50a66072c3d54aea6936911d86c3d117

SHA1
1702074063f770db8041043fa60351a508fef8bb

SHA256
285d3ac1c2c5c0abc519bc4c18933ba44b9e7653844d60ac2027854b32e26df9

SHA512
db771f9607dc551cd75df710e97619d53fc3f5f17829f3ac40231b4cf7416f5bc630d8a0896898beaa4eb6715114f3e25c2966630636bf4e95acbc7786d27bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9270709e626d2415734f45e41a972c87

SHA1
5403d7628ac99cfbe94af7c59858c20134fc2003

SHA256
aee909514e399d82e3e2b0a2423ff3075ae9b7190cb67baf50463be02b8efcf4

SHA512
ef8beb7806aff32ea76ca230ed948bcad3c041403f2f66dd82561faaaddf49b72c623cf5f8d9f85d91ba8643d21fd09a47608000f4b7616f73ad2dd04ab0f7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
23a3f476be1887777c1bafc68c52a903

SHA1
dc8054de10f3b7ffa60238b7df8770020e3c6727

SHA256
059f3d586c99d479df53b2089ddc9a404ada3136e7be601f4f99055222ff24dc

SHA512
b6ed231c8c2ef403dc21f553e5c0728a1e57e634a2710ea8c710cc5ea626033ac134f0513ef1716a59ba1023c22ea09137752028d6d646abecd2003b7a55eb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
304c0803b4a1c2e0ddd904108a47587d

SHA1
f86b068e6bd448786db15e18206107eb95d7a308

SHA256
8d7e45a5316ad55a5a7f16eae029d29ee801790b0d227a09b203f72c1bf73292

SHA512
ce7606b0efb0f90e68c50ec92cba2396160f04db1d355a706af7cf95a17f10585bf5c0e31d1f9c70d213868948a893dda2231d5415cae7e8ff540bda4291583c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
13fa11c21b80b1ea7b8e5fbe1ddee01c

SHA1
10e7cd07f092c1b42a07eabab1ac140cb314d065

SHA256
d5b401fb34f4c2822ea90c673c01c6e800e94045d0ae80c5cb9dfb15806837df

SHA512
02b3b9bacc7b391ac6b48ce8af565a01c4aada27d5542ba693cda8ac8d3b3f4477bad20279ff82c7e0458bb1456511f2b886796024fc29139e2479d3ac172a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
865b67aaede7a1da1c2bf92b2b9b6218

SHA1
3113ef8bfb4d08f8f835c4030c67ea8bcc0c5118

SHA256
fe5455762af48631b8383297f590080724869d44c1dbce4d9ec1492fe6a3c84a

SHA512
6a50b41d5a4040506cce8169c6fcc063b5380be9c4d51b08ba0f514a3c1e95566fb2de9824dd7782895f170691e44380ef486d002b53d9243cb06eeaea96987b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
69bedcb12dc67a709edc2f386822a074

SHA1
bd388cca5be23b22127da98c682e540f092b8468

SHA256
81c46b42b83cbda16a8ea72093700c987e94b15af150f1db65b5e21db66de167

SHA512
1b1f9b602d9730b66aa4e50f8281568bf0da473919b7d105a6af496b11b49e1541aa24cc1df682c067a7277617a3c54e08b704622b4b93f5adf54e9e69144107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572c11.TMP
Filesize
100KB

MD5
7ffd2b205d5e4241d4735aca4ee6ed70

SHA1
e21afb60bef6d61021ba09a00ae9440ae29c7c6c

SHA256
163e752d982af1b7ffdd2c04f0c7b29ae26e93b04f092e542e434b7ebcfffa9e

SHA512
3d9a5227762535b48e90ff475f1d93d416aeb83fafa157df1a79b19a58a6a00376e7420335cf495650170ebbb66ab078e18085881c15d4473072946dd746bcc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4960_GAQCAKODSUBVYMCZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit