hxxps://chaubisoampok1[.]com

Resubmissions

21/04/2023, 09:14

230421-k7h9kagg7t 1

21/04/2023, 09:11

230421-k5la5seh55 1

Analysis

max time kernel
54s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20230221-ja
resource tags

arch:x64arch:x86image:win10v2004-20230221-jalocale:ja-jpos:windows10-2004-x64systemwindows
submitted
21/04/2023, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chaubisoampok1.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133265492915975867"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 1360	3660	chrome.exe	85
PID 3660 wrote to memory of 1360	3660	chrome.exe	85
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 3044	3660	chrome.exe	86
PID 3660 wrote to memory of 208	3660	chrome.exe	87
PID 3660 wrote to memory of 208	3660	chrome.exe	87
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88
PID 3660 wrote to memory of 4500	3660	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://chaubisoampok1.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc56d59758,0x7ffc56d59768,0x7ffc56d59778
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4912 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5116 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5448 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6020 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6016 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6148 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5980 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6468 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6652 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6884 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6868 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6684 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7356 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5196 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7668 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7980 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7656 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8136 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8112 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8452 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5760 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7848 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8428 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8252 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7928 --field-trial-handle=1824,i,6250178937136355348,7177086552132144027,131072 /prefetch:1
  2⤵
  PID:5512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
299KB

MD5
4b9be04d0f004423c5cc5cc76f8149fa

SHA1
400bb232d2548114c57ab05cee2e2e223a5af6bb

SHA256
8af240dab4c876501bc25d806ba0f0b2dcaeaf5adc2d9d73181e97771d6f5069

SHA512
80a62bdc3745520c7a1c3179a2c867334a6eb76f2d88764206106ad7894a7da68b1d2f0112212e06d871c82e4789a35086650b107c6c2ac87f7751ca3d87600b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
46KB

MD5
720f2c547169d3dc1107d2ed02dbd4dd

SHA1
2a2972a32fdb621df3298bf9b3d077dfb56f61f0

SHA256
d587592afbceeae2d50a373a08dbdfa336bfd958c78d3c4c98affd4b2d0c417c

SHA512
fb562a2bfdb72828473d7fa1e6d53bd999832d69d2ad4b1055057a74ec99376e7dc06e9e5537c78778fb9c3147cada3a32fbb2410a19abf8869ae44cc4feafd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
35KB

MD5
fbdd6a00ee48d6d1b709e20dacbcd5ca

SHA1
746e0f445869505fa536bf56be0e017b67549500

SHA256
dbb647eab2e0f06aca6b9cf62549af5ea885777e21d142592b2b9c4ea1e6bc68

SHA512
31494533bb6870cb5186a5dd670ae8ee1b0f6c651ac0272fcea97f6e6614e80230c93786ee64366d34288884bfef8145a5d4f29c74495e5a78d9eec8bc33551c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
105KB

MD5
d53d07a39c549aa4d260f879cc9f95a3

SHA1
7ef0e38b82bd9670f8870bf5839c8caf0e649ef8

SHA256
2c78a97e65245cc5ed267f6bac3a1081e62377c8ef1d757287da429a3ff9c59a

SHA512
d2be643ab4045a5c3cc9a77684edefb2a80500cf5ef4ae73b7a3c8b0398c78889aed08cddb66e604def79d5c7d070ba1c241c7c338986fe2842fea5815c9c4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
275KB

MD5
e20f18ea14b7f6c9751535a99c675f16

SHA1
c947587829716f7ffe39bd8c4b2e088db7f34e26

SHA256
a5403a8b9dee8513d4cc96ac3cbcaa01d05d7fbef17c803c24f745924ff61035

SHA512
d2c4925d7d36d2add6488544da792072ff3aa85f7e95ca78a713463527306b58b743353bc98aea4a69cf0ab6cc7b1c4e75feb410c9e50cdc3f6a01044afa12d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
71KB

MD5
6fff7512bc3c46e0fb763c64a8ad3e2c

SHA1
98fb3d27e10103535a87be3afa9f7f0c51b4ff8c

SHA256
f436b818a7cf6f759836ec305ab1e60acb3b6b386b09b3cb8e188f0ecbce776b

SHA512
249d586cba85dcde348110a57abb50f92502a0a293a98943d6cf0623e8cc5563b5b7d645c24780057c6eb6977caa70f3c88ec66685880d3b3c911efa7bb82e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
45KB

MD5
7f8bfc7db0555560d30405cb39d94cc0

SHA1
9615339e2e1e0bca5cb742cb40aef02b90b965a0

SHA256
46f1c62b6dd7ad82dee4306b49e0bfb9e678864d04bfe05825cb011b5f4d90ea

SHA512
9a0487d3aa20c5f2e66e41cdde1f1a9bfe508e38f76e48c91117f078ba8aac00cbba88812be5d112e28f2e5f14aac3ae81e549666c1f2e620c5f924202a15cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0cac4b9ab18a1d542539874ddb0a917c

SHA1
c0912756c60a1c0374c3ba72de5cd0b5124f999a

SHA256
cb6df316c3e1913ae198bdf9c1f8a87d816f0bbc7b28bdf10065df7b85129385

SHA512
9bbcbbe78861cea4e06961d2946e732253e788d3ecbf61041d0f1feccd350f6b3970ae497f799442f5074cb42a4d692ba7cc87507420ca6eed960f14bdd10f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d159f97534f526d761bfb60668b99577

SHA1
a69f406e08554aa4c414d5b480dc9fa2cb0102d1

SHA256
454eefe561db876f0731b95715745da89b5f7bb4e759ec76e28a9c777e3f9713

SHA512
8d522dbed40d7f40c6076ee1e1f0d7c757c4e175e87257a38c6d1cab49d6ec1198852d085013eee307db571c57088a162148857ad4d43b3bff241b994b298d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e0a7ab6c-b52d-4be6-acf6-125af2d3bf3f.tmp

Filesize
4KB

MD5
a5e70c62ac59680f79a4e076305c01bd

SHA1
1490a6967564b60f17aab57c79ba7fb62d21e13c

SHA256
a571b52f6b2aea3f749cc4629bec9e6310f451d3ae4796e8c48536125da55854

SHA512
297533e7f40786343504e09bbbb752627dbe1e5c5c1b7a05662dcec37b5ddc8dc062690874d3842b9eb3a6ef796f6d87a03a0a518a73e3dbf423a038c738531b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4732526ce8de990bf2aa1291dd366e54

SHA1
4a2e40b652941b4b41d2feb3055644173069e4a3

SHA256
5534ca15489b058adb56f4dccb15976d4e825a734da06a6c214078d4e58f0d7e

SHA512
3b6abababe202e02b9d5dbed81e94bfd83b4237339ec07a390231ce00ca4e87f23a78f78085340e4e1e69e87781b81abcab3ef12a222224ed54a6ba3697f4797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6d4cac559d4de3cfdccd60edb8ae949

SHA1
0c9844800d06fed22b603ea6a3342f2de18d362b

SHA256
fe7aedd754c3d64a2de2a60dd897575beecb60202190e9ee7ef50d68c1c2f843

SHA512
f5d906615b9648e88c3d4b3ae8403e48b58de22e104aaed1af65072ae1c8f022ec2f204a5db2bd7d4a8a50dc6fce5248a5f30ad88e13dac52ff3b5b0ed63eefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c88e5dcbe13d11d100f8171876b45dfc

SHA1
2c7850d5f1719e29d04e46433103df2b146e4f0f

SHA256
5008c2cb79b4a09700dadc74385a2766fcbfc5fd9440f07b8ac3866ff0ab9048

SHA512
093a805436dce29ad84adfa00104ca0ddf0023dfa35602f2ccea4d637633cff7d1815c95ab62f152db551b4a2edf93f709cc1ea38c0c8f99d5164549be0f910b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
20a7514ff08f7c6a874abf84cf3dbfab

SHA1
3766b9e27cb123ddb8d35d40e69ae87820e0f7f5

SHA256
19b8edbc0e2b0b99a62d4af69a29024aa06c1f49cd994b33dfed552fc24156f6

SHA512
dbbe8f8ece37ebf6493aefc28ae32a702154e45a06fef67b17514637a22dab43c04c57a3f407edd50d3f17c40544a8bf0a327bdc601022e3784c92dedf6cf973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\baa5c4f0-134f-456b-920e-bab4d5bcbad0.tmp

Filesize
6KB

MD5
de47af8822c04e595eb8665b4837c6ef

SHA1
a2a7b13c67476fb24e6ff44ce8bfd41b04b4895e

SHA256
45f75d1cd0aefc535dead0e5735055218bac2ac4f834d49017624268d8e95d96

SHA512
ee88861b94220d913cfaa097d1703205b60cb27d891f9789c56b8649838bf14bf6972029717e33832e6636557bb9a9d1879a35e5b5d6d1d6489ffe9bb27c6864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
7d5aadd6bd87e523c2b346fb3b72ee3f

SHA1
e27c8cefcabe16077fc5718acd3d8e8a05a1622d

SHA256
760cadd17f9f4242f2211af27156dd50878ddaa71e84dd078390cb303e53144b

SHA512
924a82d6600772f2c33e296998500f3219a8c88f2b112f53b44c6efb67c8764831572a9cbd8c818d144756c2c23e1f59e5028d6bd8ca5166085e42d328c2797a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit