hxxps://click[.]stitchfix[.]com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=/track&af_esp_url_params=uid=32c44352-a594-48c3-bce6-586e60e061a2&txnid=f1763a38-2e1d-5443-9ceb-d12aa1744af2&bsft_aaid=3a8cb797-2e0c-489f-b330-8334bcfa0b57&eid=7efc95f6-bd2a-acf5-0423-478fa777323c&mid=530eddc0-b872-4a79-ac14-24461f2f973d&bsft_ek=2022-09-21T14[:]24[:]38Z&bsft_mime_type=html&bsft_link_id=17&bsft_tv=62&bsft_lx=9&a=click&api=true&af_esp_name=blueshift&af_dp=hxxps://www[.]stitchfix[.]com/app/home&af_web_dp=[//]jobranco[.]com[//][//][//][//]/common[//][//][//]nzfsag[//][//]richard[.]batty@invesco[.]com

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.stitchfix.com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=/track&af_esp_url_params=uid=32c44352-a594-48c3-bce6-586e60e061a2&txnid=f1763a38-2e1d-5443-9ceb-d12aa1744af2&bsft_aaid=3a8cb797-2e0c-489f-b330-8334bcfa0b57&eid=7efc95f6-bd2a-acf5-0423-478fa777323c&mid=530eddc0-b872-4a79-ac14-24461f2f973d&bsft_ek=2022-09-21T14:24:38Z&bsft_mime_type=html&bsft_link_id=17&bsft_tv=62&bsft_lx=9&a=click&api=true&af_esp_name=blueshift&af_dp=https://www.stitchfix.com/app/home&af_web_dp=//jobranco.com/////////common//////nzfsag////[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245720140517783"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2188 chrome.exe
2188 chrome.exe
1876 chrome.exe
1876 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe
2188 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2188 wrote to memory of 4108	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4108	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 2280	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4340	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4340	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe
PID 2188 wrote to memory of 4608	2188	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://click.stitchfix.com/YXcr?pid=Email&sf_client_external_id=613c20e2-b0dd-4438-8a2e-0d1d1513fc57&deeplink=true&utm_campaign=email_us_w_reactivation_styleshuffle&utm_source=blueshift&utm_medium=email&utm_content=email_us_w_reactivation_styleshuffle_437152218&af_esp_url_path=/track&af_esp_url_params=uid=32c44352-a594-48c3-bce6-586e60e061a2&txnid=f1763a38-2e1d-5443-9ceb-d12aa1744af2&bsft_aaid=3a8cb797-2e0c-489f-b330-8334bcfa0b57&eid=7efc95f6-bd2a-acf5-0423-478fa777323c&mid=530eddc0-b872-4a79-ac14-24461f2f973d&bsft_ek=2022-09-21T14:24:38Z&bsft_mime_type=html&bsft_link_id=17&bsft_tv=62&bsft_lx=9&a=click&api=true&af_esp_name=blueshift&af_dp=https://www.stitchfix.com/app/home&af_web_dp=//jobranco.com/////////common//////nzfsag////[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd499e9758,0x7ffd499e9768,0x7ffd499e9778
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:2
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:8
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4916 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5064 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:1276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5164 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:8
2⤵
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5132 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1032 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4788 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:1
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 --field-trial-handle=1808,i,7124776471831688874,15827288115706326082,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4628

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
8e72fb6417bb942f44e653d509886538

SHA1
3cd4b851498df894e640c26ac9f718c2e6a923cb

SHA256
ca4280e985f9937859526ddece327e67e5cde0afabe0b06a650f8d0fed34da8f

SHA512
f700db404e880ea7436a6dd1eb54f5b7949fae35ec41a60d8844cbb8d7caf5591fb42c6727397d2b612bf1727c2ecfc2ef23ce963234e674386db07f098d79e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8b911e8cf735213452aefe2634cf5bd8

SHA1
b46ef740727f245fbcf478241f4cbf18339d6c97

SHA256
f806bc72335af9e0cc90074580e844cd9f21f5a68d6faf33c0a97bd03cad3760

SHA512
8ce5c0f5b5d3b53d71ef802b74a2807a580b7f0803d45c73c0db13d91de3c74daba7d2bccf7e17639d7f7e7ea5b460a043e63cfb4616a3e99455962efecfed25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
5bb5e2ea17f0d89791a3460a5accd2db

SHA1
97fc4d9a66508b3fd2b4ee14cc18d300bf9359ef

SHA256
286d1fa442283bc4414797e47c8d1bfa487e991bd28b53c77f9578c244ae8158

SHA512
3106dbdb840f70ee3bae5773b945b71513b9aa4a27d1d46f93ab990e13a8e8b67656a555657e141fed0d982f48a0763306b75670b7e224e731208c963ca731c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
f65f1ae71676405478c04d492eb4c87c

SHA1
c5e0e2f6bd156922aa9d7e30ec3b0c11aff5da5d

SHA256
9994cdb86ca2a95cef78df8c0b96a085791783700bfabf3118b651d475ef7e55

SHA512
5f498fc6c25c2284e9375efaaf69def526202a1079f4614c0d2c01eaa49ba7bfc1a564d40e05e58b8f9a91bf5c88a0326bd4043052b6ab43b7410422fbbeda48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b019bf07131783cabeff3a49680aced6

SHA1
3eed20a9372a7a1899c3404efabd373008abea9e

SHA256
162a6db57e7dec7f3238e10b9cee4743f708e975f0c6e8a4e947f7c7284705dc

SHA512
760cb9c15e6e1a868ab669af561e16b5d2e1b8e901d382b95e563d62c5a1734dcebb498a785d1f3c892c3a21d3f280a647c3bb274a5bf930fee902206709d517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
de5836ae37f3a765752e198596b2c488

SHA1
adb4714f3e4e2f8c2aa8283adf9b2cc0882384e5

SHA256
3504a280819da7aca55a8993ceaa6b7bc3fb821c52ed69499d33ce39dd9eeb57

SHA512
f272ebed9bb2569b7d9ebcde46bb8bb03de00148d186d7c15bd3ac783ed0e3bb34a2ded138cf13f1689dd51d37e3ac42bfa4571ba8d484b75e3445505c6cc0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
3fbbacc5175d23ff92c269be0d6b0a50

SHA1
8ea272699a7453a3f5266afdf4b9124dda4bf283

SHA256
38166d37daa67b0a808eeda6a3a9a40bea7cff37a84e2e47865bf4fb72e5ce65

SHA512
c08035adb2d2eada86083c3f61479e3661265da1e81a58afc44e166c899b213e55a5cd0003eedb8822b59ea0b934928f5e70cff3072823668603a094d1b25dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
f4be1deba9a2bb4f1e8ce8c983bd53d1

SHA1
3157619c5e3968e12628e862c1ed1175ee4737ab

SHA256
7bf00b4a5c8e45d1c5780b382f6f03d2e362401acf3b49d01481cfc169ed1df8

SHA512
329f9bdb9a67ef4386d871bfc720c8778613e96f297db6ad946f089f382928af186ef1f3e856fbeecdfc9a69caf219b9c9a426b1747301b9bebc086d67ab1671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e94e34ff-cae6-4d2c-9949-ceeb805738a7.tmp
Filesize
15KB

MD5
5f38cdd6b21453315d24331d7d68d4c6

SHA1
a934a57e4047ccfab8cdca47aaafd52085c0818a

SHA256
7db5dd6b9e7e25ccd981e42a9e5ba6ca03260b04005526dd0788e9422c445b57

SHA512
298aab5928888c40400fcbc223eea41a312abce064cdb70b2405a077224d7dba9399aa1075b73c039f169e205c7e2ac499a48b55eafdcec772d6df07abb987e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
38b88633c0467a0d46450c39fa23b9df

SHA1
d334d7357b13b8ad568ef319152ca9b1f4df9c24

SHA256
4e7060ad531ea64c8dd5ed73920f4f21c0cf57246424b7c2eb474a9d084b36b9

SHA512
872bce0872634e2cbd523ef9d1e24ce374fd0617ae4889c5299dee5b18e9f70bed719bf6f0f7d770c57b79051f291a2c091d077c3cbf1c1bf2df51a47b67075a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2188_OWAKOTPOKHFZALHQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit