hxxps://ufl-csm[.]symplicity[.]com/track/58a314137b3345316d24110b073f264d/2814963248/realurl=https[:]/*vinaxlcftaut[.]com/?&qrc=a2VsbGV5LmJyaWdnc0Bzb2RleG8uY29t

Resubmissions

22-03-2023 15:50

230322-s99hjabf4y 8

22-03-2023 15:48

230322-s8rlbshf99 8

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ufl-csm.symplicity.com/track/58a314137b3345316d24110b073f264d/2814963248/realurl=https:/*vinaxlcftaut.com/?&qrc=a2VsbGV5LmJyaWdnc0Bzb2RleG8uY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239774565128872"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1936 chrome.exe
1936 chrome.exe
5004 chrome.exe
5004 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1936 wrote to memory of 1028	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1028	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4340	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 996	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 996	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 5088	1936	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ufl-csm.symplicity.com/track/58a314137b3345316d24110b073f264d/2814963248/realurl=https:/*vinaxlcftaut.com/?&qrc=a2VsbGV5LmJyaWdnc0Bzb2RleG8uY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0de9758,0x7ff8c0de9768,0x7ff8c0de9778
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:2
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4676 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4540 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5100 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5464 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4596 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4688 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1760 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3432 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1764 --field-trial-handle=1824,i,1904580617729130875,3051360475189683369,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4432

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
160KB

MD5
f22f07ee02fbeed3958345c90b52b818

SHA1
2aa44ea19d580589c06c2170103b4d0505e18cdb

SHA256
dc1eadf37f70bef92766d0c316d1da7af283b84e5c309a4732d8ed35d7bbfb84

SHA512
8473f7cef3e9289f355047689f5a2b82aafc49501c65f118e5b0632a6a690e542eeae45644e77fa5b869df17b05ed138b4183cc93364935b1fa7d89e32fe5d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
47cfc3cf5d477539cc27e5480e66f956

SHA1
e97138865dd40ea4a49cf43d3e44bfa7a9484c94

SHA256
d6297996e1cab562cd0ba4faeb652c91977cdaf01e5fcc643421ef385339d525

SHA512
32cac4be6af48f0cc291a35662728a9f0b5cbe32077f80606f16972ceb0cbca42fd3d0bbd40a3b4bf1f41e14537973a9f1cd3e0bc3049c56466930159588cfcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
ae4f6ca106415071b3763659f2b8f0bc

SHA1
ce9cd2b89f61aaca07a52bc0ab45a3968670cfb1

SHA256
83111c07e47886fa34cb1829a8d427428fed79f4ed9eee6a6072545c43287d35

SHA512
68aef97bc021235416aed04ba0e6078ac8e3594d616924612d2e66a6a9d552bb7346b8e4978751aa6508d0420882ee11411ec86aa8379304e5ea8afa5827688d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
84708b6f30de16de589944da0b83ab7a

SHA1
1c8d77474442e41d178c2f9f9881ae706c9358bf

SHA256
b68abf0d684c3eea4389142332ce5b71f3caf5e393962440cb5f906eb11a12b3

SHA512
1f5470b251736d8568500639b0c85b36e350b01fdc5e9e1d68496dcfd3cd81fb54c2e3f616db3617ff37650893b0818c9551f3d76f7da45f101899bd8f8459f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
786b107814b74ed2a6810ef9ad20d2a8

SHA1
82dcb05ae1bd02f2dc81b108373d9baf2ac86f8c

SHA256
821ab3a8a8f1571122793825632643d879f0914e1e9c7dcb7b5ac2e5ba825696

SHA512
83a6f30f0a3e742a5d88a33f0df012365062477b37c290f47a5cd1383522a5c5cfbf587d222a48ef361fb7f9f3b5766b949ef9ed06e06c0509027035d6607e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c3436a351dae6a3d79ee51f3505a882d

SHA1
269a82767d7fd5962a37ca46ce2063143278c1af

SHA256
fe264e78bacc7bd50cfdd14239aa728dd05ae03db960a45461f07ad4100a7265

SHA512
3c8dff0f26dd3965934915d885eabdc1f46619ac1436293c485f195c3b6c62e9d23daf899a8632188e934b3d5349efb424094bde9959a8f0a651e6c9432a59be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6a1efe676f99e279bd271c3f110a2033

SHA1
1a9ac897de4e684ac8c06cdf22793f584a5d6c56

SHA256
9df89b39923a38efad7be28e5c7743c7128599034d258c99559c87334dbb8b3f

SHA512
b91cd2a98f6765fa120dc7294e83b9f4824e99b2abdbbb828a521f740c5ddf0b5a554143216ae6bc33cdb7e9c84597817f35832c7ced67548b5544173959d17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
10cbddc6d2269f2ac3d91412f8ecf068

SHA1
d4b577229355b2365c24bbcf84d27cadf22e44bf

SHA256
4515c2af1b32d10570718ed67fa335c40daabecc4f0dc6d7bd27189f0df890a5

SHA512
d0966ad011dd2cd7ec9b79972b1959aa443624d4834cef9837b02855befdeb7648c09d612fabfdb1bf7ee5f58c57c95492ac25feb0ade43fe21af6752f34f76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
eee8e85160d5c1a9f3e68b0e7eb76a50

SHA1
07a7fd52f0439b7192bf9fd1e573e787a0a72523

SHA256
117b68fb8bc3414b42095dbba4235383d77564b15b26eb4336ea129e4e7aa8d8

SHA512
e94fb0934f07d676aee49518d6045be4abb95e3c473f77a621745c1e41856d118ade518be4d55e14956dd8ceb946764607cb09915f0e59b84912235dddc30f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57180c.TMP
Filesize
48B

MD5
935b55f9b5ac5734157de08bc99b8378

SHA1
51d3f7a3b14061b4dc4874b331a9cf29b307cdd5

SHA256
89ffb4b86f3cb21be49597318be1960185563c0dedb604bb945bb4c63ca003d6

SHA512
72b5e540af942406450d2e9d5afc3f3ebacd5b0d30624af39eaa0c1c2dcbf709af24368d566a97514b89b25b2390c27540d0b1f631b141a43b2314a1382f6865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
89a26b9cb3a1a05babe69c2876061032

SHA1
8c07a5351aee237bd784407f36aeeddcca7eacc1

SHA256
c423eb298aca2c28bff4df74f621788a502eeb77ca91069d76c2afd575283dbb

SHA512
bd2cee9471de3b890392c01e9545a368609a2fce8bc31eee3f4659b00b6d9178eec5026b32f626c2ae2e216e17f80d7af4222cdc9d42e5ceca3b653a75c35406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
eba0a2daf08c1d61b64e6cd516744ad3

SHA1
cab593ecd7d3306af8a52dc64804754fe6d84d84

SHA256
7ce8d3e7b56be79d269252d2a5979ade26942259775bf2b37e8e6c2fcb227588

SHA512
4d2a1f538549be4c982f8a74615388159e79fd9a7f3455c9421db844735eb829fae06cd6fefc70e0fd3bba56775b3d294247ee3b9cb0a4aed2d6fd1d62830731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57001f.TMP
Filesize
96KB

MD5
d097f590c44e46ec9d1fda30eab8a916

SHA1
c300ab469c2c29a14634427e32b9381e22ea5a59

SHA256
06975687aeeec601cd1a217af307b125110ea70343c7fda57814eeab21b45020

SHA512
c3fc84a208771a4ef9c972f74d7247003c267f8dfaca292ec61780dd81f12c8466312db05fa2b4861e33e9ec09a0a0e99cf6365269220259404a48d93c562cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1936_NRNPZAWTROVCPLCH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit