hxxps://www[.]youtube[.]com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Ffunkmonsters[.]com%2F/[.]myflexingzones%2Fkeeepmyheartgoing%2F/akqtnl%2F%2F%2F%2Ftheo[.]schouten@abb[.]com%3Fid%3Dcom[.]google[.]android[.]apps[.]youtube[.]music

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
23-03-2023 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Ffunkmonsters.com%2F/.myflexingzones%2Fkeeepmyheartgoing%2F/akqtnl%2F%2F%2F%[email protected]%3Fid%3Dcom.google.android.apps.youtube.music

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240532664532844"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

5112 chrome.exe
5112 chrome.exe
5112 chrome.exe
5112 chrome.exe
3152 chrome.exe
3152 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5112 wrote to memory of 356	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 356	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4076	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4260	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4260	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe
PID 5112 wrote to memory of 4004	5112	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=https%3A%2F%2Ffunkmonsters.com%2F/.myflexingzones%2Fkeeepmyheartgoing%2F/akqtnl%2F%2F%2F%[email protected]%3Fid%3Dcom.google.android.apps.youtube.music
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcac669758,0x7ffcac669768,0x7ffcac669778
2⤵
PID:356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:2
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4696 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2964 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4708 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5640 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3128 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5072 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5728 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:1
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5640 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2936 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:8
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 --field-trial-handle=1776,i,882872258792422832,8988863034213362787,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
9b3d4c8005d9ebd7a0640dd4e8ec9b7c

SHA1
b65fbcc3eddac0b4116d4ad6a489f9debffd1837

SHA256
411625e4c880c4ac16c28457d6c97f6def8431767ec937e87605ede06418a563

SHA512
81e2793fb019f21a4bbe38c90e26f9ad33f29a02e21f9215c135f40feaf1d70ac9146f198b9c20b6edaf4bd1d13f1fa0eb0e1a617059d8d8d0abb259ac7d5413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
8bc2c37a36f1e9da92cd9a11036c33a8

SHA1
ace6d2f1677715bf577effa262f01bc42a7eae1b

SHA256
288cb65aff53755826199a4038d6370fff3b8e49f0a38a61954e8f32d41e7c70

SHA512
ee1ee36a7daf523c1d5de4b65b70c1fb5580477a4f26e499c340c819ed66416b35aafc4570bf0323e4af8bc30bf4b22adcc5022fadbc690d67ab8b9eaecc80b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
5ee3f0ab387fd0085240e70575f70d78

SHA1
fb94c54e45604a16574094f259c977be2ba31070

SHA256
732b58d7d374a1713950312e4a5d9aefaca6d62d58183b9b40db970907bff9b7

SHA512
31199886ef386d899168569e084390706772a9a02b4281b500a8346fb3f3fb529d0b5e0577dbeb6998de0fef7e400c7956fefc3333c1f71af1ba0c4539aa0752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e482c7c72f4539f14d88045a8d2d76d5

SHA1
e30d547b0ae8e1d6f06e371b28411e5eb94b1486

SHA256
513c535bc9f4e7594733745a8ada842ce72f473123c2f672473892e9f7869b4d

SHA512
510ea37c2dfad6f80e8a525cc6958dd1c802024d248446b4dcc90e52bfef4462a12b72ad7f80427d289dcc94da737638ffe539031b2f0bc1b99be14da053f703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
5e100eae92b1abbd46302f85af42db1f

SHA1
c7a13493469357cae68691066368d69eec4175f9

SHA256
73278bf5dd4b3072e9726e78342a63d150e9ee6b0f58e8cf1dbb84700b534841

SHA512
8bc0bdb06bd1cb6a55f59696b96531e8cee9326737e2659cca4ade055d8026500749874ab946eac41263ebdb9151c1d8093299b6820ee86876fd11e95ad35837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
428fb65f6da5ad7166fce0979577986a

SHA1
272d1d374eb44b556d0c09f8fbc126f9862a95ec

SHA256
c3660e0a3eebde5437ef867ef67e551367738d59c28225f216ae38fda76fc2f7

SHA512
810cebe0f9d715eac7b889ab190bf80764e320c18123a937d6f3e20f5d782eaa9b3686cd679b51843451408a443617ca939b75dde88fc92c340812d64a818275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6d97402dd394044152ba3fb7fadd0e8b

SHA1
b57649a71bf7c1c69a55b3623484c02b317eaa38

SHA256
ee09691c7d3e61da2565483e70cb1ebba0b862a2bce025984ad66283269212b6

SHA512
9ed8b74616f57fa45ea1fa35a7173bfcccd219251bc87c2aae22fe2c0d2573b6c8f19ee0c3f99327a033d657c715bf6c908a1e92e00c343b721990dda14a1269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8e021f7133253fa8c776cf256e1e5b86

SHA1
fb5e0d559d16148466ca827cb21f657d7851d5ee

SHA256
49ff5842aab1e94603a3999f559f4f4a6bfb074a03ed9dd91e6d7f4fcb8ec871

SHA512
652882c8969989a513b2ccf7701ec8c69f9f86c8fe3f0c16a2cdf26c4170be8b02c11c722633105c7719dcfe1516b41647d375a2751042c9ab00816d074f4f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
426b566ede07d746f0cb26ba932dbb8f

SHA1
8ad59179770e99d0af4374039ee3f1e373a44f24

SHA256
c419ebf70b118ed5bb19600007965d5061d71cf430e30796e7f454c466fc41ff

SHA512
92e76972e493a2ada769af53fe25b9b67e0216e9dececc38e51d69b8edc4321fe0e876273d30a90b582b705f5c8143a6afe99bf7a52ea3a9c11cbb6a6aaf20b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
360d58b39e3012a23e3eeb4782cc47c3

SHA1
ca636f5efb6812e0352f4afe1393c56940eb7dc6

SHA256
a6e30513c6067a7dbb333d8163071494f99084a2ba609ee3cfc4963e4184147d

SHA512
19ec7fcafcc23a847e2ae189cf7733e1cc4f80688906d7c0939f997977ae57987e7b67932f9c66218e91d50d2f9b8d5ed42df96b5b4b91dcdb256b15d09e468d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4930074b97d96f9367832828b7d87d13

SHA1
7045a32a8419b5d6bc99fe5d037ae462e605fb71

SHA256
e9923d0216eae89fb7286d1a72d52436e269dc6007e443808df0ca57be2ad381

SHA512
aaf9968193c0ab04f25353c2d4aaa88fee4a0bb115065a623cdf2497d68651ece2cb3a79bc99ec00a36ae12851375301690b7156a08209b0572acfed696e3dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
eb7f5839a646b986f51ebe942f366127

SHA1
649c3a7b1372cf68d181ac9efd1e898d423d9a36

SHA256
26757d488a89ae8e71fe99019a4f2d4443001e7a321a52fc3a43b365d33df8db

SHA512
4b58405dd6f947bc5d832c003865adc4333320d39f2c1da27b4551bb362af051dd7046bce3fa0197ab4aafc3c5feb7fa4ff4bc9e6692977af6e0591160443584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e1b043f7c8a5a3c4119dabad598bd63f

SHA1
1b1a34b70d8fb55f9d2bbe27f37e4ce46e90ffa4

SHA256
c0da458b91012c98bd3ea549ab948fdc6481ea2ccb5f99f11f8f0dd315ac8a6d

SHA512
b6d5ef0a9dfa6e773dd65a9c7a51daba83d526c48269f996e71f83841efa90d757865c6b08d6eca90ab5dcfaaf9ef16d07ffedbc1b05dbc509a7ffbeb4657c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
33ff649d467afa43de891d95245437cc

SHA1
469b70c23a0ee69983d5d2241e732bff60e0827e

SHA256
b7019cbd0f51f096c0df281ee50698722d2fbb62a8db5c0487035a1c8f566933

SHA512
18607f4e27d0b6ff2199469c67272d9a530402f5666865f0ce8ed602caccad9c4fddfa41dc3f57da54174b610db1060766ad2caa00282505b7b906e2c2cde20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
25070383711f9899296aa0f15baff285

SHA1
7c504562683c3f82674e7307a3dfca2344e4d088

SHA256
f69ba57d94e81a9ce69e5fbb4fcf664e9b54940ba8bf1f268c55748d157157b0

SHA512
b54e7808aa07dcfb9676c6ef2fb1844bcbc7c3aa5eb711640930b59e1b9fe1ad9b3ecc32af15c99ee9ffebd37389548b6cddd58f1b5770a4a1cff543fdf5e6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe571117.TMP
Filesize
48B

MD5
262d2d7f3a870f2fd94dc8750436346f

SHA1
60066b3c51ca348d8693580853cdd4331014cae9

SHA256
4d174503c80586a1bbe83bbceb39d086698e41c7bd2e1445f6f06b6c69f8e928

SHA512
d337637c1e2fc04cf6b0e227284d8275e89c4a4c738c8072c3045a1f67f9e66555a1ba640e14e4465ebbac01794db14f3f7139c4e9bec77e696beda65ca0ad08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
147KB

MD5
c138ce87a0267332f5bf346a4565b820

SHA1
f22defe106289f3567cc77497f0be0f589023ad6

SHA256
e0ae1ec3e19e7a842a1a35811304d7cd46d086a4cc56e783e06f439560fe90b0

SHA512
1aa072296c7f2d764997f50361691c392f81fa7315af53999dd84028ef465feb5a4e17d425785bfe05f894afdc3f8afd0639fe3e6db1eba4ca6a3075712b5624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
02819ca10df9f4b9f5b8ce3f43af12df

SHA1
fad5fbf10f9c313356d4298c4532dded2250661c

SHA256
77e4148605311cd40418963247e28d70e0d1ac1b34e3febaf1f2226dd3821472

SHA512
489ead9355ffcff4153deb890889776d70d1e0c0d8dd66a9a09b01b12ab64b5b3c800fe5f15b68bf114ac6dab052a2b79041fd252f02e8b1e3a620393709fb44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
940e1625e88d81a339f7a38b44fc9049

SHA1
d84e497e51b8fdb3d70ca986bef2ffe3aef23eab

SHA256
5a66dce865bf362fafdfd24654ebad3214b51e3b85e647adcedbc89491ebbc3d

SHA512
034b6558958294a8bc26a2406859859d9fab4ce83c2512286ed3957e6d0531b7833a8f6c5a9fbf2f7ae1df8ab5db8daa8e5b9b3cf7e7be997561d516ed359818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
0c0cbe8f624edf62ad2a9d9ee4b6b0eb

SHA1
77e110e66f294bcdebe42d1aebc288bef2819ff4

SHA256
2f91e4591a60ea846130ae40b838103ccf71af701edab08de8eb0b72bcc4297f

SHA512
67030d580dae44f38221682727fa0e64b31a8187825736c84bc14201384d55fff9d0f6fd8a98ecab215481af49bc0d5284bc56d8a6aade157fd59c73986a6321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
79bca4f3547d9974e685ae076e617f63

SHA1
8230a97439335af7ff44d609077180232ee185d0

SHA256
89ecaa75e626b9ce8d9fbe71bbaf6e58bb6cffc1d55fabecf62648c86553aa76

SHA512
ea6e8270a0c63559efd1531930cf6a77ef0e80f370e8529f98569346219a389367d7cade1fe64a89585d4a286f085de95e723d13af7ce6631dc8a82d2d1b08bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
d378f8efd4f813c696f27df5ff49c097

SHA1
ff20fcb22aa8a3cc0b699cb04146b1b98e63b50c

SHA256
e27385f80dc3428b6413b4b732faa2610c6da2a55a2aaab17b242d4d95afeb91

SHA512
b2ba54213771877d2f5ada896c52a1720844cdc471d6fa4c0f4f87f124ff25fbd9c46786312e16fcb3215766c04bcab4fcf080d67af99750ec4d8fdcc18821e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dadf.TMP
Filesize
99KB

MD5
4056de93a2aac0a6b9db407adc9403d1

SHA1
63b732d6a36badd7681ee9fdd433afb8a563c40f

SHA256
c1411fd9087a18a7df578efa83329bbde27839df3a9b64cd39c9c7bf8335af34

SHA512
e25d562045e675d1cb28db1b8b44c8ef2c852efbedf4b8cbc1621195015147fd4e8753948969b2c76a0319bd33735271ab2aae86ed0876a310a20ad8d4811b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_5112_FVKBUAYUBYNRBGCX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit