hxxps://mailstat[.]us/tr/t/wjuhng4nbvk3nbvk/3/https[:]/t[.]yesware[.]com/tt/3263582222300220c143958441343775c9117052/a61429550439403742343c809c002204/9037423f35e1170edb2904aa26358222/its-trens[.]com/dvalladares@saval[.]cl

Analysis

max time kernel
176s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20230221-es
resource tags

arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
23-03-2023 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mailstat.us/tr/t/wjuhng4nbvk3nbvk/3/https:/t.yesware.com/tt/3263582222300220c143958441343775c9117052/a61429550439403742343c809c002204/9037423f35e1170edb2904aa26358222/its-trens.com/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240771118162351"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1084 chrome.exe
1084 chrome.exe
4748 chrome.exe
4748 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1084 wrote to memory of 3136	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 3136	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1140	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1608	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 1608	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe
PID 1084 wrote to memory of 2800	1084	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mailstat.us/tr/t/wjuhng4nbvk3nbvk/3/https:/t.yesware.com/tt/3263582222300220c143958441343775c9117052/a61429550439403742343c809c002204/9037423f35e1170edb2904aa26358222/its-trens.com/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cb899758,0x7ff9cb899768,0x7ff9cb899778
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:2
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4872 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4920 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5412 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5696 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5544 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=212 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4852 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6376 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6392 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6396 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1532 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6108 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4724 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6312 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6320 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4748 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:1
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=1776,i,16663560789996385586,8680180497794311672,131072 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2636

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
8c35b5820422b4c2cfbba355e97cd6b6

SHA1
c16f7da68837dd82ee753555e907978ca92c2801

SHA256
ce744851623a5976caed1a699bd50064c0fbd29eace1782084cff6879efa5e0d

SHA512
c0b64ff09ea9edbcf9b365ad9bcdfef25d78a6a65e13cf9caf7101e1e9b582abb727ec9372c61deeaf09af8d7ee172a9647f18942f43b3418abf0cc4cb0e59be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
44208779c05a3183c2a05adca0164aa2

SHA1
54b014b5fc482203fa9d9be9fb83e853bb15b0d5

SHA256
679f1194f553b69cba2a247382aa432fcd96b8712f1e50545074d84f0addec9b

SHA512
8176307517b61eb155302ce45b672df1b5cc39fa6fc64bc4f17092352aca9293d316cd9c8253a4d74c26360a5e6e6f8dc22959c2c411dd2daa0647635e32268e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c1206ad704f50e980437e7d3a67dda03

SHA1
7c32f940d42581b44757531225bc9c5d21e45dff

SHA256
d520d867d00e924851a2fc56a379a9a45a642a232a2f737f865209314b8e538e

SHA512
6cd9c5c37c601fbfe393713b4097f586455f5cd8fc6b0d8c7b69037228f80ec1b11f3af890713ec305bab412e639f641bc1510094939ae901df9e74d7d5668a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
41da257dfeb22108a59a34f1c6fa1fb4

SHA1
ccc7c2890d878e2e8e106592cd93a62cc6afc999

SHA256
e30c38d1eb0aaa7634abbb251371ec3b5acd402a855a8a10781f308894e51902

SHA512
2f424b89cf4fac6e534d8812dbd2e4aa403d08751ee430b97797778f2d71646bb029c0ecb2dcd08361d7eeaffd68e73846cf2a69be63172bfaf5f18bfdfe3025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
c8275146f11d4f2e81ca55b50a5a9c54

SHA1
14332153483a4dc706312c769965901ff43b8935

SHA256
d455d67f4440d45e973dc66795ceec817eea22be667a7dc0aba0a766ae425205

SHA512
62b67f118dfbb404b0ea8242f8021d9b7265f875e98df1c6a7616b12094410f7e36c2cb78215d01086d304e6e5a6f08fde3d314033f04ef11965feef4075193d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
48abb0d17d085cbf5186802f30a9702d

SHA1
46c855115feb2a9166af71f9eb0445582b3f4e52

SHA256
309c60fdf9ba5d05f39fe95584e16c8dcc88b1695d8a7edf3384757ba04ba525

SHA512
a87b2f8b14469992befe220e9102b0340c3de42c33e74cccc89fb311e562366ac80d1269eebf85c42bbeca06ea95f7348dd52121ad3eb20e1671658278dac5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7cf0279ede1170edbfe75bcbccd96ef5

SHA1
e87834ddd35b1d97b45024f8622f24de1ea082ab

SHA256
cd95b66c35837a5f702c3249c9cdaf95863760c8d00e12791f6e020a7fc0d8e5

SHA512
cd00d8bc33a7ec9219394b3bdc729ef598c8a0548284f4d643d86e613774fadf2ed24a680909c035410c4a1021d5e974a8f7316becbd1bb34c8ab16a3748ee48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
604ceaeff1e6766160b9f5af7e12c8d6

SHA1
eb2cd00c8011e7b0c803d6b5bc8f25e3ad062406

SHA256
ea6076bbeeae7281e64087f643d7518096293c2b34c8d36a324045061b8eda59

SHA512
e0ee04a00e59aa7f78caf4614703c7b9cea257ede94fbc4f8e855f496a1fc4ad27727bdbc269af067b0e8b454d53c158be234b210fcc28027aab47903a447e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ad1e65cfcfab2d3ce22427231fb09ce3

SHA1
fb846249376d450b42e59bcc89c9e886895416b7

SHA256
78509119af3b1b569771948f60bf92818d4f2a6bfe2bae0b9b16c152df80fbb7

SHA512
dc44e71ba777f178b617b70abd151b0dd4f66a1c8ca23ef85c7c5c3fbedb4027d3f772868398b96223d35901c867ae1d75ba5ccf7c6d867f3a760a6891a0d47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
af389459c9ef6108530ee9463fe97d50

SHA1
8ec91a457bb02f6bd3a034aa8984d3e18a2e715e

SHA256
e875581a58a799ea3ab39d7f4c1ad4a63df06cad313cb9fa1eaf84131623f66a

SHA512
b075bc0a5c3e8fe4024793840dfc3c927c5c69a6d195d24865c766e93e38b41605293beda254f70b3715713547d6195d0e79b1b8a11e55fd91f105740d2c99a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
3096751dcb83c4339e7b98ad6e89f3a4

SHA1
2d5b0750c252f630906f4a9f8576d8e17c74237e

SHA256
b3168005d452a54e97743f6584f02d8929ef57d809cd79b593e242642fb95c5e

SHA512
057fb3fb135ff3eea1efa5f48ec39a0f0d16306f2ff9d65b9a2ca431d88890d03fc13be1b752212629ba9cd361a3bc865f52211280685c9469360e658497daff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
c26e0a4262326cc0c7b662e38f7654b4

SHA1
c21e14a48db729fc006e68a0418740a5ef3645eb

SHA256
d1feafa7999cd5bb4722e549e18c31d842ba9e7961db111ce4d07fb0e531909c

SHA512
6ac4bc24a05a79b7b7f86467d6b0f8dbf3aca207d4798c8b384efcfac0c9176d28f2924224cab03ea988b7d5dca1bf6d632383af60d62782f1d74dd2ddc1ac54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
ff07cab9566e9a333c2d39fd090e9f69

SHA1
19db447c9e1bd84de611bd052ae7adabc9147305

SHA256
a2bcfc22f0466c577672baa7e9bd32a840a17cb35caadcfe0a3319e1f4bd2ba3

SHA512
c7643bd4b70861b7bfb8e41f9a0c0f245d25875e3f93feaaadffd1dbdc16f3c627233ed97b1cb525503caedb46661591fe0fffbe80c22ecdf253e982e0ad9815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1084_DOMIOEUXRXDPNDBM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit