hxxp://url | Triage

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2023, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://url

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31033585"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1366224050"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca1302000000000200000000001066000000010000200000009152d3949db47153c152b58148c6511b9addf97773f65295ee3c5d409f06d4c8000000000e8000000002000020000000b02394ff99fe00db3f5fed292c65f7062509921ecfe84069118fd779c857b0ce20000000f1db12296eb48620f3a8d07cdec8ba73fc1b5cb668b18058584297375b2ad87840000000634f1feff8ea2726a09ec64bc4e63a2d163d02d0fab3769fd21256713bb1a1ee8ee2473c0ddf7e10a8beefdbe8395194a5a7372cbd15f77e54692cc951e02149	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d02259f188d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7C11C63C-F4E4-11ED-BDA1-F6AC10968584} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca13020000000002000000000010660000000100002000000019a48a04cabd6b280994fbd54ba3b401becdcb70af436083b9c48fcb326a853d000000000e8000000002000020000000d4485e2ac912c42193932d07595e68899854f456067ca52b21f22fee13b5890c200000004fe1cf99bebb2a4135e97db104651430e4cf36c958d08d16544cc03a9bb4ee51400000008312fd8ca49d36f41f26b09cd38389f7ab743cf09377e1c4bed7269abeed4ce3f4335e69e72c1ed1881c347cf23544a948b510bda6d8c50caaac287be891c097	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1366224050"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0200659f188d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31033585"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288233964862455"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4692	iexplore.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4692	iexplore.exe
4692	iexplore.exe
3928	IEXPLORE.EXE
3928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 3928	4692	iexplore.exe	83
PID 4692 wrote to memory of 3928	4692	iexplore.exe	83
PID 4692 wrote to memory of 3928	4692	iexplore.exe	83
PID 1568 wrote to memory of 4880	1568	chrome.exe	90
PID 1568 wrote to memory of 4880	1568	chrome.exe	90
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 1408	1568	chrome.exe	92
PID 1568 wrote to memory of 624	1568	chrome.exe	93
PID 1568 wrote to memory of 624	1568	chrome.exe	93
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94
PID 1568 wrote to memory of 4696	1568	chrome.exe	94

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://url
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4692 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8fa49758,0x7ffa8fa49768,0x7ffa8fa49778
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3380 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5036 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:960
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x218,0x244,0x7ff6a3b87688,0x7ff6a3b87698,0x7ff6a3b876a8
    3⤵
    PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2904 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4556 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4608 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3504 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5676 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5800 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3348 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5652 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5840 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4916 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6080 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3348 --field-trial-handle=1860,i,5846645286202915966,6394349000666668659,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
25KB

MD5
707317ccaabe08d32d1bd781754e6871

SHA1
bb82dcd3e044c960e0861c2ce878f5504e628f78

SHA256
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051

SHA512
5187420305ec249fc88fa9e14a554d381d3875d6433cd956f7dd3955810552055f03adc98a15cabbbae6ca68116b7fde1781be50736d3bcb1b56f989bc00f3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
162KB

MD5
475f3b2f4b6829f089f959d8291c69ab

SHA1
10cfe4b0bad5e7fc4c1bd4c4f79f9cc32ed93c99

SHA256
4f40a7d3b7ddf8e77c9b9556b37cdbc062bda1e20757b4c709adcd3ee624b219

SHA512
fb2b2fb4b86dac393e35c42e66e327af699fa1c6baefdeb4ce9f95298990faed0ad556475d16ba6ad31868412f6179d996cff7c15329f4ef92778be592e9d712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
7c219c3ce838ebf1b0b0e61226d84424

SHA1
e07e462bf60e69be2b08cd3af803fd3963fb264e

SHA256
f7064e04aa8ccf79078831d6841ce65979b4e348ce694ea6d61bfb0e8d37ce0d

SHA512
5cf7b827b7741bb417ac40a7aad342bc3e9502d35c9b0525045f1668e8082adbaad68dd07047a784a58eab08622f075e35a11889e283deed5abfcae10668c0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
83ed235483c1a6d95f3a0b1a80924728

SHA1
33505a661c3f53de08bca83b97c9330b6f539a64

SHA256
c34e099c99620fdc04649c8a7997f377af8601ba8eae17fa3d7b56ae6a6b7cc3

SHA512
32237a71289e67d5cdaa12f94ca4c20acfdb50d4361bbe9b4ddd55dc001debeb9bc7ef9a4e04321af0b8e553b04806f816644ebcf6a918f1fc2f5b71ac314465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f688fa9f612aaa164d0b2c8bbccf8b37

SHA1
0c8f6a8b9f657829b40aae3be3e779ceac05e3d7

SHA256
5d1f12ce9692cb115061ca898c253f98846a688acbdcb2c42af4740d0322b399

SHA512
e190d88f8d24b9bf463ad05e86d6bc96b8d70fc33d6209bd9633158e5f2fd4776a10c30336d5429b02e5fa1436387b6e2bb7e36bab83f6ee9e866881bf97e4b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b76166099e491cedf1b7caf837bc779a

SHA1
828c47c322c2a48b17f775a102378e085c687ed7

SHA256
6a0677d1e9c9899ceae93a0c2f9e112a29d966fa13eec8ebbf02a08cd00b69cf

SHA512
653659de500b615d6e708a8061b5a058c24f16c0804406ceaa6b2f4c0d3b770d2ac0397455e79ac00e484daa721da48703b803f1e5997303eb76d9dec65666c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3bd460a073e27c2f7d47a21a474c4af7

SHA1
2010d5f2805e743803477702701467c44cfb6689

SHA256
5f871c9017d0a9f1355329ca6e1e4e08d3a0911396bf88741cb848a51d63131a

SHA512
6a24c400e2e88131ea0268310be5db8fe05891517e098b283b30b6e463bdae47f7c1e078f81d1b3851129d7e3cfd9f5df64028bd6e086f07735598fdd9c008ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
308345da80eef3580183f988e5134f16

SHA1
8962f70dc8c6ab3d0d5002a3cfb36f70937ee28b

SHA256
183489182a52a67ef6ec9ce6a6f2ae89ceb9ec9d0687ae6694b540055b5cd6ed

SHA512
84ce04b298819015c42d458e3321b9e99e34b136f1499c90207e44cd003c06c807f4c9f7dbf94ba3f91be56c84bb6e5b01e263bdb775cc951f9a3edde769c336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
90b9dac79da8082fec9418bd06837c5d

SHA1
f0c09e1c5ded90e3b60b0dccdefb1fa3369b627a

SHA256
2f7bac530ca6d55a5050400aa38367ce03127360591ebc8ef4fac7db9cf56852

SHA512
7ba0440163a48fd24b9d9ac0834b818275c6281634cf06892a6b82bf00f7a955056cd26c816b18682db0daac4dd56aaec42142d34d407d33dd3a4abd8d04b0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8a5352fbcc3500a57af0dc86b61bb39a

SHA1
de7b11a361055859c901383df710c865c6210930

SHA256
9fce8b2fbbb10a953224f0e5fd4be84d43c5ef83f90d362133fc71a94e554b12

SHA512
4b907bc1c5cb5098c8b57d3d5f24790c76d0595460378e90fd764ef759224397a506f411d1e6236861dcc57d5e3b3d6794dcca27d0d7b397ab95a2a8177522b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2a91003ca354664581330b3b0fd626b3

SHA1
a56c9d5d24a78d522ddfbcfff7922d428c87ec54

SHA256
522f8b9ecddd8e7b46d3ec40d182cec7141a95d6cfc508e49aa99946af8e5eb6

SHA512
5f63ac7fc586cc127daca41ae7c7359e893fbf9321e630655aebc98c12152400e35173c09eb4b91a864e04ca2b34c02acf5395363ba788fdd9cf748ca1e0a85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b0b23c0d54834cbb324007b7b2fcf53c

SHA1
482286f0a001fe529373dc59e8fd0a373a076db7

SHA256
436bce443b1bad3f67dfbce420c28bf2090ceee71c8db3cdce75f44a543f657b

SHA512
a617a2ca7556654f069d06a9462f370c91342f325bc3b4c35a20d63aac510afa8dd052ed65cc7db3906a2fea611e9005420e3d62d5ddc0810aa86925a0f7ea84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f666236500dd3b8a66ce4ba0ee5756bf

SHA1
036c969acd93bca12732d0d98391870d5f0d8a79

SHA256
5d0b558479a35a1cd17cd8c5442d03466b45fa49d70353ab74a2e4b29640e207

SHA512
2add2c816f65d136f6b3ec581ef07f4bbb4b6c68ad6fedf347787d5f7bd79e34cd8c6b2ef233e0daa1d4193163379d30ebf5230044863fc813d31fcfd8b4244d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
3764d0451ca6decece36a76d01d998a7

SHA1
a218b2f0d47d6cd96501977a103345d1984823d0

SHA256
216e36a71023c567b3575670508a00a614234b604a5944cfa018689abea1905c

SHA512
59b479e606c89a12e31a65609d1be88dd23536f56e6d81c25eca3b5c4ed2e10a76b3d0fb3edb2b837ccece3434ca35a35c513d005a52f60e24cd58609af1277f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
35ac83f629d4878615f2511828d914b1

SHA1
cb0e92788841712cc4c6c271bae6a41d27c8e64b

SHA256
92e8ba10c86fe55c531af6531343e462ed9412b9932b050416a6291d00e5271c

SHA512
675d043b99fed16c9a4a38027c80e327b46d40e78a84067e6639cfcf1ce9e9a2f6b17203e79f43037b00b450d048c69a7e851034c6e19e86a721f534b6cfc1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
7d6e36dedf27dd2c17108e0b603fc2ad

SHA1
52e1bb387cfb3d3c3584ab3d1b64355b190e62ea

SHA256
a41e5e1bd0a5b40bc8375be4e906db80e10b749d29af6f6a7494608cd3241d8f

SHA512
beb8484d3f4321a9264b980c5b1635aba26f422720a345100aeb9ef8e09065fd921677c5ac4338257c1e805b58b9a98c3307dc1e3968fe5e520a707225fc52d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
3fb2a39ef5d7ca3bab786883ced90e0c

SHA1
8df9e239c325eaff47939968155f0ab2236cd4ab

SHA256
070c3eb7e38fed6f38fd0be6fc9b75a6d954a3066dbad10a91ba9459755b6f36

SHA512
9e505897a7814b10658025e17255e7ae42dc3c82df0bd53e0b7adfa94ce86e66b6b65fa385b528e7e762dd8e0c3555786faa086c5ed3a42b5c644de992a35e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584d9e.TMP

Filesize
97KB

MD5
9fb567b79a6ddcea863a838f44d211f3

SHA1
2224d68aceebdfb1d08e2af3acdb551e7f509cf4

SHA256
201a7674925980cf120ebbb2b96a84a2b31ffcb5b0cc8dd0a7d5ed1d939b7ef3

SHA512
ca231da6fd440284d9cf7bbc43a823bf3a043127be7240bf452901bb6b3f85c7ce11aa877866adfe1f41062e3533ba1bc0cb2093959a27d1d4a0585b9604b236

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit