hxxps://mygovid-refund[.]page/info/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2023 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mygovid-refund.page/info/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288680044643777"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
3720	chrome.exe
3720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 4464	2456	chrome.exe	84
PID 2456 wrote to memory of 4464	2456	chrome.exe	84
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 2220	2456	chrome.exe	85
PID 2456 wrote to memory of 4608	2456	chrome.exe	86
PID 2456 wrote to memory of 4608	2456	chrome.exe	86
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87
PID 2456 wrote to memory of 3332	2456	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mygovid-refund.page/info/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7c709758,0x7ffd7c709768,0x7ffd7c709778
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3940 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3380 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4044 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3420 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5216 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5240 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4116 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4112 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=832 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=744 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1812,i,11213333208673194636,17032354499426008870,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\53375d42-03f7-481a-ae3d-6db4050f409b.tmp

Filesize
151KB

MD5
5dcbacfc4378582996b52aa94296bc2a

SHA1
fe96c22d61ae2c26ae1839710a2a6a5d80ca2f92

SHA256
5e894f8fdb06aae552a4d6e90bc3fb6e100540c9d238f6eb8a94b5362b777ef1

SHA512
8f7f4e506e4534fcca41a5c275095a197869f5d6ca8c69f8b257f9cadb6dee0b24981e6c70e2864722c7d8c6486cc8d04d99e56b6c0ad23dd2115211d06600b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
3a52a72e391c659657431881dd5deb49

SHA1
e18c03baa421c56683fb68cd9087df7384e094d9

SHA256
8b38e16faf9f14ad9ee36f5c9cffaf1c5bda9b4aec03d91ca16735356476ad0a

SHA512
900f86fc2138fca092bfadb8cbabea29cd32084a7ac31d1c06505741b9176563cb394d20540a83d2ccbe3d0d02f0beccb483081b3cecbf53da3e6a808a086400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d3d709e718c4bbea23e0671fd9180427

SHA1
c259a7de7582e00473d71b4a1c46e054620334f3

SHA256
c8cd3dde0ad994f12e85460fa91bcdab5b9ab1d54d973aaf98fa1990f1aa63ec

SHA512
c93928319b7ad2322384ecad11d6f1c4f3f493f157979b2ce1a305c82734fc1b665b7fbb6c271efe7568c0ce6a1a98ccbb8881bddfa9d77f45155e46790ec647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81eb64efe4b22bb89f831858b93ae109

SHA1
b3333ac297e5b7faf373d2d8f2c6aad6ddf2da74

SHA256
9c4d90c9db9459fde91f3d53cb0937c5f6e04207595483c623bab62ceb11ce5a

SHA512
927f13b53e9a4dd0de713f04466d2c39ef4043c3513d12481484c0d8c18296ebffb4261239a230c2e6d4634f7d67b41d47c49f27dae75b9755fe65d0c4a11cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
45e7ea5104b14f3bb53ee3fd6bf00bd3

SHA1
e21f8882c194e9823664de2455b06bc98571d8c5

SHA256
f0fab14bd706ba4750c8e9a2adc79bec6cba1940a475d5fad2dabf21cff52557

SHA512
534c9e1f0c1eec07dfa0e31fc5367da34b62bddda280f4f3ac58206063bee232d5790a4b6bf8e925c5fa2dd1bf6150b12e4cc99aab995cba859375edd78b3358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit