hxxp://xn--qntas-rwa55e[.]com[.]ph

Analysis

max time kernel
601s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2023, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xn--qntas-rwa55e.com.ph

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133291377371777973"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
5600	chrome.exe
5600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1960	1516	chrome.exe	83
PID 1516 wrote to memory of 1960	1516	chrome.exe	83
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 3348	1516	chrome.exe	84
PID 1516 wrote to memory of 2532	1516	chrome.exe	85
PID 1516 wrote to memory of 2532	1516	chrome.exe	85
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86
PID 1516 wrote to memory of 3816	1516	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://xn--qntas-rwa55e.com.ph
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffb59758,0x7fffffb59768,0x7fffffb59778
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4860 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3352 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5448 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3276 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3460 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5048 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5784 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6084 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6388 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6748 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6724 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6588 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6360 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6872 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5108 --field-trial-handle=1768,i,8697375614496341097,13425471625812136204,131072 /prefetch:1
  2⤵
  PID:5180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x2c8
1⤵
PID:2980

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
1024KB

MD5
349f7c4e223aee0c07c1c07bba01ccdc

SHA1
86d58bb512ea691cc5d041b6777cf55dc3d6d3ff

SHA256
2a16d23b163a8a1cf0835885a54bb76c4edd69c4210a7e2ae774f8fce93259cb

SHA512
fd574ee75015a8535c826b00b2536a7d1bbfff2b744bb54a6ffeaeeeb739dd3b6511258a54079e1fd1384b53cd94313b2256de568b4449e9d240e31a70888de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
25c758f30cf7956792cf4a6dfc2df487

SHA1
1f2abeb8b3a62767c4dfdffd048dba91cd5224d1

SHA256
70a0fe7a10dd39b621a469e9cef01b9b33ba600d130f566c57a70e4b79b9f9a9

SHA512
4380459f32c55b2bcbede09af16bef6803c7ee055422c22b7c17cf9d5abb07ff7e237125a78e9a9c78e6b1404819b62e30b12df7aa4cc5f614d0dd7a58b0b805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
05dd604877f20aaecc685a7665a6b25d

SHA1
247724c8773e9e16bcfda7ae986daa8d2227a00d

SHA256
c1566b3099f64624dd3eafb119ccf43d9e2c368efa3b21b032f44996c33d1b12

SHA512
833e199f0aa8c835be899bbe448aba64b92999ec58248adb2e42bfba4521bb3e945195c18e80a4f41a8efcae0059b97f5a4a45e81e153333ecb0a127cbca2117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
624feb3191a8ff47dd2d1ead3fdd737a

SHA1
4dc5da00d482864a878eef64a34c164c0cdb1a21

SHA256
1371ea05e4a7aac2f69c4eb00e05e961a1c22e872797bbb9d4d8c4950f8dfbc0

SHA512
a060404613cb536124e11b3a609763c921260020259a29efa8e8baa7fe34d67b778667c00a71beb56c77fb5ea871b305bb1dbf5fe769f85e7d8520841625e33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
3182cdd6532db83f4e65f77c20013c57

SHA1
9334b1f1ed322c0575a40c596eec96ead3c5e625

SHA256
6bc57e68923bc777165795ad64ae8d9c4ccf907f4c2c3ddff19346677d625e68

SHA512
fd42810888b3ac13866be48948a53ce59f69e0b26059aa8f1d71c4ec93bf902e1ade084b6c0c8044d7e8869b9ed12eed32b0fd044280d3290fda1a871b32215c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ab3341d2deccade197b3a4e34ca3a1fd

SHA1
76314adc3e9db6554af4a595cc2ca47285d99ecb

SHA256
367b4186f3b3be3809ff8f25c1969b30e7683a19088a61a4a216c3ff56486438

SHA512
90350495600bc8c97c6cf49cc85834e7ed3b1d4b3240ccf8d99f866036551f3e283204508c48f25240da075a84b536ab1375cbe2d2c141448508f3dab0fcb544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
478a84a86be922e20d46e759322fd0ab

SHA1
7dc01cf10645f147a7401358569dc95ba81f3694

SHA256
550671d752d054b0260fc3b806b65699bef31a578bd14805320dbdbe3ea1a03a

SHA512
6885572078db70dcf8aa0a6770d0e9238ebef6010b773f13f4ca70baa0aaca5e6e77e29dbb7a986866d9a95bb9a62455752b035c99371f124147e13705e6df29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c139ba96c0e4bb3912a7a170d1e6f18c

SHA1
46929dd1eb4764e5f736a1dc027df7179b5daaab

SHA256
db511389845f3e32141e48919712524ba5a5f0246bad2d32c733759a07f72eb2

SHA512
9ae21234530b7d89551a67dae0dee70055a17f09040aba681e5022762997d0c8612a34e045c5ff05dd8d9faaf24affc814dbc180215629ef3e6ef429241f1f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
be00fbc345a8a6a62e1dc3eb4c2c4e7e

SHA1
e69c0aee49275ffb3425b0660db8dfce66dbe329

SHA256
059cfa825148db6e1a096ae214a516043be6e11e43c173ef084b36bb0079f9a2

SHA512
38e87500cc6d2ca5e5d1be6e82b3e19330c8b1199a430a8d5b2ca219074c18e5be05354bb66af56aacfe732d4883d3a769d587089a4a5c4977c8eb4dd5ff41da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bebf16f8-5ed9-4969-b21f-61f9ae6b9d14.tmp

Filesize
13KB

MD5
a8a098757c2d7ad6b5b36f2ef8ece1fc

SHA1
452d6dc215498a4ae0ac30d8af6e746a02529e02

SHA256
2b1a38ac8e3def9c3f919b171ff3eaf448de97388e19018d0b692a993fd03d49

SHA512
c20e2dd452b981bc0fe4b687617426edfdf14ee74c684c6d3c9c2e506fe5dc6be94666420728200a266b2e81e6789a71bc94a3b269e82f8c98d21737ad8cca1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dca7197958cede639ee3daf1fc6845be

SHA1
686d9728259b459f9774c3cd27a2c4a5971d6ea3

SHA256
7a6f59babb13f8966752977b4485f3b7d49f2a098a92e529dd7712029aacba58

SHA512
061fe26a966bfebd4c1db628db02ed880236b107843bea2023093bc94d37e60de562943a08e6e004fdb5ac6995914c59e6fd78c0ce4dd7024c7328972e01491f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffe525eb757b0281abd7f3278c65486e

SHA1
30b45df294aa2f476afcd1e1def4ad4c2ea90e3b

SHA256
d38acc5d33a3424b8855cb86e30f5f5426d5c67c0a02cd5dd0b20217bbf1275c

SHA512
99f6ce5d4ddc8be8491041ca14c8cb1c024be89a67d0736ea33654010d82280df53d2d8c2abe21bb992d01e36873914d2a81ff757d86700f90fd557cecc17678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a03b1ebbe8a50fe1102e58498c63e640

SHA1
25cbf653fb583f446616a101b6d8945bf4099248

SHA256
423d416c6164e28265682a934d1df30f01ba2f4f3c8f9fccc5d147a0acb82cce

SHA512
0b91a90de5390be1a2eeddc2f222733008c3f163d7dfa99365070a7cc8ec5472bd9c8e77c890a0232ca1b0dcea117ed38b5b94cb4376dccd214aa938747ed4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
151f35a166af4e1982d1343605c24621

SHA1
1f824a764d49c08e2a50428fc5d4eb35f504eca8

SHA256
473d1b24b3297a2ad33de397277e341d0b5227eded4e68524bc94923ffd284d0

SHA512
0b63ee08db2b64b7f6361df968dd914e515ae32ac149c299101812fc7444e1841e73386d5519667555e597e98f056228ad7b067991c17566025969ced5175589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4c593394c092dec31128cecccb29d43

SHA1
c087471fec840e056929e7beddfc4543044a241c

SHA256
075b3e6d008ed24532bd18393aa71852db61ff89188572ce280ad9561dd4a42b

SHA512
68ddc3819a21c4c59c64d36d4e7b7c47aba62a39bf2288ccf4d2c5b397dcfbe0f227ed5991e037a1f36a6d033b5adcb87fa91646964c2e6e86ec809c9db070b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
cb9361c1edb9190e7792f536f4f2d028

SHA1
e1782390849380c8f8ef6cfddbd4dec4156e6b7e

SHA256
264e6f67fbb793aef0247fc46c1cc0bf36f15a42563d2687ae6bca30f01f6fbf

SHA512
7848bef00ae88be31647f601b1b003b0852dc90f7bd02f10606933371002925dc47e200360f3d3c32886c030b750065d136cfe61ac4d5565f501e744c2ea1093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit