hxxp://joinhoney[.]com

Resubmissions

25/04/2023, 09:32

230425-lhxlbsbe4t 1

25/04/2023, 09:29

230425-lf4a4ahf66 1

25/04/2023, 09:28

230425-lfeyhahf64 1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
25/04/2023, 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://joinhoney.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133268959826585292"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
1272	chrome.exe
1272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3648	3640	chrome.exe	66
PID 3640 wrote to memory of 3648	3640	chrome.exe	66
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 1504	3640	chrome.exe	70
PID 3640 wrote to memory of 2120	3640	chrome.exe	68
PID 3640 wrote to memory of 2120	3640	chrome.exe	68
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69
PID 3640 wrote to memory of 3924	3640	chrome.exe	69

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://joinhoney.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe357f9758,0x7ffe357f9768,0x7ffe357f9778
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2756 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2748 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4580 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5280 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5180 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5748 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5936 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6316 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6492 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6640 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6848 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7012 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7984 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7684 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 --field-trial-handle=1764,i,10945062774266585007,4048324492292901883,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4872

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
aae254345ab52a0522529b83449c23cf

SHA1
e81fc5e44261f8a71823b188e1c2d489f0ea9bac

SHA256
92a458b6f7dbcbc61cdb7a0ecaed432f18a353fb81278b4c997cf0ff05149ca1

SHA512
5aab0787e8f1d4c3d8d13a09b372f8b1dd24bec19e05a90973c590f878497c343eb0e43d27cc3e53d113d4c73a634730dd9b16d7d1f36a888b08cfa09c8023f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
290B

MD5
3c5dbd14ea8c7bfbe8b654a24b3bcd6a

SHA1
60ca488f993df0f5e80ecaf441badd2d9d742af9

SHA256
6a5feb628ec9bb0d764f1636c6e33dd0f42530745b2bf4ba2b1a331acf8bac8b

SHA512
065ddc9bfc767585f03b44844c35fa97e25ef102ed4749eb3cf37a30df11b68e3a2bd8b82b39663b3bedfe10ec6f540ca082daa7203ef9f34a5f3e5664dc1679

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
290B

MD5
bbb8fd171cec11a280fb22fdabb0986e

SHA1
6e9e9b973d493fa0213a0107ec18ae2e7fa049ad

SHA256
43072a22f0b84a73560ad20b15f85d6e9edb6b6028f7dfd2e2a8ea7990f7cce1

SHA512
51ac23baa169eb8243a69c2e7e21d99f03ddb8885ed57c27563947d87b7502c7badf21ada532b6978485dcf03917c9b860746d5904b5ae7f32f23727fb2d27bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
290B

MD5
c288c26e3772ff18e175829315e15ab0

SHA1
696ee4b00c6492e7dc7f4fb24c91a84b48af402b

SHA256
1430782e95685222ab8283f4c642bc5430b48f9d98ad8f8d249f54d86d6d1ab3

SHA512
ec76170f7c6584a90e00ed03b1cd71f84ca33bdf22e862bf3b7b627afb5e4f884812a68e51027f8281e023a1d60aad05159a5a1c9415ee641f0e22ba6563ee6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
290B

MD5
269d1b8097ec969b14fbcf9d86935b98

SHA1
be3233acfec1b4f3b3cca18b91627c1b29da4710

SHA256
6f8005561e6e86fb650839ee44faa95d4bc8ce6aab8f14a0c1c6b818962c3cbe

SHA512
a682dedad1b20e875a1eaff525aefc0c7df161ee468171d64c48f2ff29aeb09ba9d4df32b08568c5a6553ab14fde035398cb42b03aed83f9f12b9b7845ad45a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
290B

MD5
2d7ae15334631a7c897f8b8ab7d24657

SHA1
2171d69f4ca52824b889675f4d42753c1789ea9d

SHA256
0e617288fac77e651913f3552559571026937b20c0e7381d7043acff5ce0cdc4

SHA512
af74f57ba06301bb5e11681f6a4a4a2b3e58de255e80109e0d4574ac8bb98fd8285e69d8a93c55461a75a9f17929cdc9e7559737d4a646e7baf2fc1407a7c071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
df0ca4c8909223edc337fec07a059baa

SHA1
b95dfdbf0eb3adaff6d6898cac60a4d37274cc7a

SHA256
edd6888682e5cfc72612fb951a3ce2c67f05115d8333b4aed6ee1bee3dad501d

SHA512
3e728ed3ca0bf35a6458e8424e9449fc658837788000fec45352fbaf39b9a6c72aab6b6738c3d757f446e4c21a47bb3f2ca5cd6fe1f0c785a9cce44a34e24282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c00312045ed615cacf01a32c8b643732

SHA1
bad6d1f3fd940c941c97fac9fb85fe3904927b5b

SHA256
9aff8302ab8f8b23e52163982ec64689b8f479dea134ff25a8e42b43f88f4707

SHA512
d30558ad1765dcb98f52dc6904128732e9b7194b54d7c4ff98a1a4d67f43a268ce6df41b5dae8ebbfe317512bd2b66cf35b684b696a10a52a18c0d9e1cf196a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
4097df11d1638026544cc981286ec9d5

SHA1
e9e972dcc1d6b7fd9e78208584f66603febc7bb9

SHA256
a999b2a9351b7a50736d15850bede2193fabd95ccc80d4aa5598632fc9bce58a

SHA512
1b3c2fa15ed3ccfdd61e4eddeb54086cd62893dad59af0f46db789fcdf780442dc76371a3fe83d3b1b02381d8bfff86e73143999728e244951256680e26c8bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d90716414010b97443caef07d117a87c

SHA1
a802025ca3d9e3b593b87891c8f79dac13acbdfe

SHA256
5d18fe55382601aa27e664e92bf3ee06cc450d9940db1ac3d47e2840093629aa

SHA512
2125e951502e120ec1d4fd7c048294242329243ee6abaa793b97644da53913b461f16c705ec7d184ca712d6466c38c49294e855d22161646f9c3847397af7820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
dd4fdee6b2d0045e27829ff91577c74f

SHA1
924b19dd015a8cbc5c36055c972464c6b518a1b2

SHA256
52fc76d47246a8cddd27ff9cc2225ec2b92e719d28487b05d1227f30bee5bc37

SHA512
9a6c22d2c92985008b250bd7201c914acd0858fc9eb15215b85bb90ef21af5e56db7a847d5b2c18f1f1d36899d3d27d211e881926f8c7be39d0bde2338599c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
68be78c449ef3e8b2996f59ad94c0c4d

SHA1
5bc6d3c4607ef538b3fe32a4eff952890f9c37d4

SHA256
1c8320649310470849922aa05d41397acc302dcd5caf95f6bce9105c5a071001

SHA512
64c03e625512b77c5700736abee30e9d80910d3343a43b84bc8353c7fe8b40c800398414e8387b95af7fe5c70dac280fb7048d5ed1fab2d5c9b1b16320b5a7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1db64b02608cda69f3fdc2e277d1533c

SHA1
e48fbbea03006a6486ca1741acb0fbf44e1f85f8

SHA256
a949be596cf8848bff36c991d81dec8cc8dfb1f072f2d4c99bd97ebe6a16f17c

SHA512
d6d10cdc0380cf9f4fe56f354eb047ced5158feb4ac86b23cc506365edb49158368cca35a841b412ac3c57667924d6ef023a59241ea38969e52b6b1ce37f9547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa88c7b2c8da8df8a86f2df33ec9981c

SHA1
bfaf9d59835e3b31f2b1f019222ef8c34765f148

SHA256
fc4dcfec6b412808f88dc018229188ac7f3d77c6ce2d68fa474153a404a99040

SHA512
d55a228903843c9bebf7b3d2b681f8516f068d022e93053dee0c64d863e544aaf800baabaab358ebf9c899708c748c8972e0e80dc99895bb243c939d618fc359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3b9cf0a3285e9d61b330c7a1d3f8c3bc

SHA1
1adc428a80bfd1d82780b574344ba61f67efef77

SHA256
72dcf0c90bbe5182821d058064e6d1d76ad4b97081de2a005e7e7a9d30b6ab42

SHA512
1b6e8d9c17d6d87c2cf43e5d38fe35a16b30b42e0dea20d6594d983ac6fbe79497fa2e97dc7879c4cfe7c623ee70d1f622fac5ff0bdf35294ca54e8b7cceb3a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
f4dd1e2b0d55451e064513a6c24beb6a

SHA1
713aaeeae39ff2e15a399dbf8cbb5fa2738a2c36

SHA256
ca13465172afd51d5915b10ca4dd1b047339a143fc3e749fc3cfc7c1803e90ef

SHA512
10e91a25bc391bd0c5b402bbcbbfb814bed63818c7e1daaaa5f004ce89957bd178cc3f80b249d78a8dba0bddaa3179eb653e8fccdafb77f8feb372faa10ad798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe568d31.TMP

Filesize
120B

MD5
f7d5768aa2f672578ef7b08e16503b40

SHA1
98153cbdc7b4252d32e7b2ac8aa65260458d4ff4

SHA256
684921c0faaa25d8210fc6d585bfcc0a3f4caf58f5574f30e51d631c06813320

SHA512
c2a2112c96449cbbf606a53799d5dbf1dbdb730d3b45b1f47425233c50ddaa9f80d670105010e322422118ac202ba6493b38e72a28db545439dc11bddcb189d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
a6894a011d9cc09baef566f756f80d19

SHA1
546caadba6d586ba1231584ab00bc94f213db316

SHA256
5a927ef78390b4a84959a52fb65e5dbda46da77456c896bd588a2afc50d185d2

SHA512
002b796a7988a08a2210be13e6c311e67cac992f209b40948836886fe18c4e7df910e7ab46c307c66bd8a13eb3bf9952d28c90c6e1d3c1aee15a89da847b9580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
f1a53a73d8c08d6e24ab1ae2d21cff93

SHA1
60d70ca1ddd65a81fab6ed16e2d4cde25d5b422e

SHA256
1a889f3faf37e01999f242e430c9b5a8ac9d945b9b0a0865d170f166e3644f05

SHA512
c7802922075290e95fda263bd943b94d67536f442b69e862241c0f55ddb41d501d60023a778ceeb9e5faad4021aac11bd7f11aa18ebe58f1b7f86c26f0950269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
b04d3296cd06ad2a5d0e82a06476b9be

SHA1
d3af422fa3223f1890681583c0b8d09f6f5d61e3

SHA256
b1c5f365c0008da9026085b24801d257aa0c589c52b3bb7fbb476d12ffc91420

SHA512
8b1faf8526d70ff3e34f7a202a5cb57d4035fc0ae2d9b870f47c5b8b91f8dddfa8ebc3be653af55b3263b733e709d288ef98be60e747efb7627720eb83a9fe62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
e375c044a58653e0cfa2a45bfe560dc5

SHA1
cd36597e8c938c85f6416bad1429c976d74f286c

SHA256
e89a07daec32789fe10fef0a44e0cb63d08915d4522bde7ea35cb689bfb91283

SHA512
5b6a1d7c44c01671fba242cabe7eb65fccd5a8670b1ca14f6dcb1c860e7919f740b447bc543913944958c343d5583b56a4e0ce83294fb658175653cbe857e941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
71a72290888151079ef2cd86cfffd66a

SHA1
b8ebcb648713ca5c89d781ea134c5e01de9cf33a

SHA256
5d04677e43ac16b55b1bc6bf24dc87a239225f873b79e9acefe89c9909f45095

SHA512
3f084c4d8d33d41a0c81f9d7e6560281f969f85c5a8aa732aab37ed6ada1e6c273cf8b90f18cc9ac032270184f8c15ff579c95e57ddc6f3b7c55d6765838b361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit