hxxp://arjunanewsonline[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2023 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://arjunanewsonline.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263349617584188"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
5600	chrome.exe
5600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe
Token: SeShutdownPrivilege	4316	chrome.exe
Token: SeCreatePagefilePrivilege	4316	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe
4316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4948	4316	chrome.exe	83
PID 4316 wrote to memory of 4948	4316	chrome.exe	83
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 1796	4316	chrome.exe	84
PID 4316 wrote to memory of 3620	4316	chrome.exe	85
PID 4316 wrote to memory of 3620	4316	chrome.exe	85
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86
PID 4316 wrote to memory of 4936	4316	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://arjunanewsonline.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34009758,0x7ffd34009768,0x7ffd34009778
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:2
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4900 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5312 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5452 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5716 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6124 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5180 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5052 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6216 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3464 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6504 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6804 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8336 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8320 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8296 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8288 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8112 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7972 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7956 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7824 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7676 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7524 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7392 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7248 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6948 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6800 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6744 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6956 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9188 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8800 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8720 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8268 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2800 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3476 --field-trial-handle=1816,i,13182203368954916379,722428842569571083,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3695015cc9528c9747635e808dd37507

SHA1
86f5a7b61895dba37030fa82a67ce948aa216c05

SHA256
11f15d6728d920fee825efcbf517e1778897f159d7828cf6df703ab29469acf4

SHA512
f8d21a1b7eb3e0cd1a8a5600982be4ddbe1a675f79b6fd1726be909fb75838dc5d7e2e2c48ebd8d9f89900a1262ae138bf12effa8f0a27f7965936c391ee4777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
41140e28a26832485d947f1ea7041da3

SHA1
507b82a96219d3b61c426f575bcbebd84e17e8ec

SHA256
33312409da793b563b48414b8bead1a075f792fff6dee05394fce3490dd594a3

SHA512
f08b4541ed94fc19251219b363e4749d0adb1bc35ab28f19c593bd2b875e8a4ec9d388147b4610603541d97b4210082dcb3c679bc3270c69c03b4850e5ccc0a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8ba7cb49078786cb4d5b83d08ac0972

SHA1
0efe97f8fef8ac51b42555e1e134212fcfe66b0b

SHA256
5c7b9e0bca0bdb50cdac10014e8e8eb8177d1976455403c263824b054ecd2a6f

SHA512
fea78c897cc5c52e443acb7e28f50840533aa212dbffc993b373a378a0df1834486759cc9df548baba5b13dea43403acdb8ad98730d7e309b5521c539afa90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8ad27810653eb674047ce3aa5bb571ad

SHA1
5da45f6fe206f8e23f313c7e482b89bfb8cf088b

SHA256
b69b9434f956d721f228f61d3f7d9e14dd0afcb92b6068187240dc44706c64e9

SHA512
d36138051c913603d8b0ad7def8b3c09fb1f3946c02ded04f7397d0e738be3a7ac85396cf083f27d8dc300c26791e03f40218ddd3a8059d874188d7316657d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9b3f6abad32b22889da13a35e1bbdfdd

SHA1
8fbafaa598f0144e722c8eea242c3d8c2e1ed720

SHA256
b33e38924e180916488921b7dc572bb3ed37d5904b09d78ea76daaf0ebf2688f

SHA512
ed071c353909ef22d74481a182004b49fae69b25b4ba8071d20c8fe8086bef23f5328ca3926ea3c717e36a10b225db572c020a722ccf388dc17563a5a4de2265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
269976ffb20b0303270dbac12411c2ab

SHA1
37fd1810f05f61f8b6ba845bfa2273c405561c95

SHA256
60c9f213d56fc4fc5271c5b2036aeda78acd3124e9097b095ddeabddf2efeda8

SHA512
4d5b5c09238a2ade219246bc01bc3b9ba044daff7cf25c288580d85f795bc849562c55d64204645580fdd13c12da5660618d930e174fa9fc02259c26cf3f8343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
20989d2713ab130e5a5cc2f9cba583b0

SHA1
893c2168ae577f77439cb562031f5c08818844d6

SHA256
81a4f520ad05c2875ede076d8053d4e1637d0c6f222d045d9ad00f45ca5838c7

SHA512
9e9c85fae92a629b9055906e711f7f62f19b45bbe498691080acfc5c32b555b78b20a546cff35a5e68281dde36faeb18e5c40a7c4b17389ff6a81d307b4690d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
140ce040abe423a22c93621e532972d1

SHA1
0c5d14b007c085070937679ec67ac42cc88f2028

SHA256
454b1a06a6a51f5ac49d9d30186bf444d98d8474c0b42d4238e51d4cfd95126a

SHA512
68a61b297f36d107c984387317f3db678416bba5721f258fc5896f3f7b8b5ee500cf64f05d97e6de2ce2cb1136febdd2c3823b7e9e1ee3ba2277844de0f960d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e038ee2797b56ab416924977f9284eef

SHA1
2c6b43bcd9a7dda0f1728a90520204caa2e759fa

SHA256
dff0b43986a3e23daeb999ebd95d4c62796a3c340bdad144965f780166bb4b23

SHA512
0eef62014eb4d2c93ed25d38e35e15594bba2dcde9f6e21e2d0464a4f2d8df483f44dc40123c6fe74abbfaf67d9be2ac7c973f28e615fda634a49ba630b759ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e8125c8b694658c614b065b31d05b443

SHA1
5d079f6c5a8db5a524163f2c1e1c6dfe5161394f

SHA256
41262aea1c86946e333119a1fe4c3a441081f85069ce830305822e92ac3368b0

SHA512
11ba13bde0084721e01c7b388f6c9ab48715b79c5ec8aef20297a4627be1d56e0a786763201982af18b80b915986eeba4153a331d800c6732ae13b0f406f97c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6543b569789399685728af805c18c941

SHA1
2d5eeb2057ec5736d1e856aad50c649cb291b082

SHA256
333f065295d916f0cc3c8f31d8c7a8c4c06f3f263c987c44f334b9862c238f71

SHA512
d014e967eb54127682984499b5dbeb119bbebbbe8fa63287c7079f8aff6fa02fce36dee26f652b2a2f7c89b56de5809d590abeffe1b64b694906b6d59f2c12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
80391189d188c3a24fbbb401a9956baa

SHA1
36734b66a4a59dfc4b0fe9b449314d45c3fb16ef

SHA256
1f6264699d6f97de229bdff3eaa84e7b6437ae59fe7324f2477eba42d245e6c3

SHA512
f85dabd4afa0f9e588d9db379a5eea547a5aa6e2026e6da98466d9c661c36d4d95b4e6557e0667bd2f2f0bbbe75ff5ca7c1c2b2eef44f7e0a5289618d29539db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit