hxxps://www[.]billabong[.]com/on/demandware[.]store/Sites-BB-US-Site/en_US/RedirectURL-Hostname?Location=hxxps://clementine-py-mxo4y[.]pagemaker[.]link/clementine-py?draft

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.billabong.com/on/demandware.store/Sites-BB-US-Site/en_US/RedirectURL-Hostname?Location=https://clementine-py-mxo4y.pagemaker.link/clementine-py?draft

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295802617644174"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4492 chrome.exe
4492 chrome.exe
812 chrome.exe
812 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4492 wrote to memory of 2876	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 2876	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 4020	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 3704	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 3704	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe
PID 4492 wrote to memory of 956	4492	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.billabong.com/on/demandware.store/Sites-BB-US-Site/en_US/RedirectURL-Hostname?Location=https://clementine-py-mxo4y.pagemaker.link/clementine-py?draft
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffade6e9758,0x7ffade6e9768,0x7ffade6e9778
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:2
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5192 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5624 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3580 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5156 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5660 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:1004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4620 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3592 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5560 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3880 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=836 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4408 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 --field-trial-handle=1812,i,4392933479385723367,17365388015684121372,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
Filesize
162KB

MD5
44ec03cb3248c903b67751ea27df310a

SHA1
c57e9cf90caf30457e9d57db750b8a0eb8856770

SHA256
d4de4a836d11828dd561db1eb8d7fd48a7e0ce9afd8645e2eabb19a1267b6894

SHA512
657e8958d97eab524224bbd8903e0bd7d0c2640805f77da7546060164fe03f7b6ece99a005ef44e41b7233a2e24ffc63430b2fe3c87f61a1b26e0d7c7e52c365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
Filesize
32KB

MD5
0ddb0197a0c763710ed4bcace0299bd4

SHA1
9bdfe66eb70096bd0ddef927501d890096ca9a33

SHA256
66dfb3906c9cf81160ae40f36752ed790071fc422fc2252b535d475d4e88f556

SHA512
9655229817fdb40e3f113ef37f3bd23a9a5d60ff0aef64cb4c4c34f707e5e52a49516e7ba389a4370e8237aa6a66db46c0edcdf609273f74490613557316f6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
b7678c2b206824ba578c4b1992547e57

SHA1
e0f94d80928e1d0163494941c3a0eacdcc29965c

SHA256
d3ac962297838ca5a223025c2fdcef9fb1660e8b4c46a1925aeb84919c3cb25e

SHA512
4ae536885cca8f9697c9518d078becb0416e091ea2d3fb3f32b38f945671ccde3b03ab9d748447bfe474ae0b9a56e6dff8bd5c2feffeaf4d75cfe91c84d7b223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
1b0538aaf4f340cc74aee701f6840a6c

SHA1
b0b40e9a1ac630e895b440a9df6fcb03e873dbc0

SHA256
de68a42287f1de15a97afc13d2a7c755a862f2466d53a648243b27d676b5973f

SHA512
7cf62e7ecf15458913e66676a3b5e8362ff6552b1c9d86ba853ee327a14c6dc0df924f75609230086aebdcdcd58d850125df8e7e8c98d8485c9cbb4d03fc0c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
52ef0b635c359dafa790bb85b9b4f2ad

SHA1
11e2dd721a71e1be260d8717a8b99a92d133da7b

SHA256
58fc5274ab67c1fe0f6343539c97fba101a96cae58c413ee28cd9dedabfe85ce

SHA512
1ad941165a5e3459fc34d582269e9d6b90d4c00d00c8fa03b52e954b53132c7cf8ded8627270a11f3f363fed48bad21d8734194c826385afa5822669e005543f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
80963c213752b3ebcdc257f7a519e4a1

SHA1
6235645f98eb1fb31388fdbef392f6e3a0a04298

SHA256
88dee3a24842654c84b7f09a8daefcac35e201b1b2fb8faf1950608a15a2427b

SHA512
dcbb2b5670156fa4d2beb836a61d00a80585dd7bb428a25a0501296baccaf3a99d47b5608eba323924bbf026c319baaba07bddbd1e5bdc8d11520987c5767259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7106c7e7857e1d7179dca81709787ee7

SHA1
3fc55f1ba0da9dbdb6774df8eb744994b73aee7f

SHA256
4940296a1addc056a7fba62a202725b3399ee369585f36b1286ae49dc6ca4d0d

SHA512
b9fe7160cda6cba356d42f46f2692a5de156b0b887514a959b3ff6aae97144b7288f9cd1b06af63efe197c13beade07fe0d8db86cefbb245c998e77c3e7a8449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9a2118d140cc4b2e8df9c009573e4112

SHA1
98f111975f2a78dc04b5a71185d9d1467d6f0341

SHA256
5fbfa0278935e32a2db42f69d7dae6cba5f10c1496d0bce68faa94f0c16a9391

SHA512
fc771b5b6aa2d1ddb956e67801afc7bd8f10b9b7d8435d6f624ede16e188a1ffdfff3318868107908ed4c4416977d87fa338d1ce1eead4b0986ca4b0463c72c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b7af134aa0b68905c0de57e0ce2afd89

SHA1
c3575b89889f105b9aeffcd9b519749fe1c15076

SHA256
603182747e4e8cff0cfb96e6ed257d4ba38f008b7411f358bfd44fdccf185484

SHA512
51de4206171e3e86ccad43343e648f2e309441b63248f96ce8e102a4f19338e4c4202d8791e85414e65347a90e9a642254e8365cd428408ed386065531331a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
766ba7a02f3d79ef927d17f8e341d80c

SHA1
2774d26c9e3cba24ebeb735a87edf186028fdf55

SHA256
e9ce28279c11d43fcb449202e1a17a207c88229020e7f9a43f0a840ace2f446a

SHA512
bac7e6d45af714896c3977ca3818eb53a703299ac7914181478d85bd81c6327922a9713505661951c5d6fd1655592281f93cbbb9543d3b2d772ee414b066b265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
f9902753706f639dfbecaeb3068f5c4a

SHA1
1f8f6ea20f7576faa081cf2270bb56f18e9d47e7

SHA256
3943540fbd156846d623d56da8e62caa2c4de05a762be57cdb8da099570a976e

SHA512
8322f846607fa0c7821c3862cce2ffff23cb3ac77496cb692e2283f3d076b1468d1c92f7c80e6a162f7611f4b05721085e2051dd4170c406ae022177a81ff5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
16eef5732fde81deec2e1d8bf8a8aa8f

SHA1
9afe537e44dc9f7c7a26621b89aa044522e8dee4

SHA256
fd54f087cb92ec1c94276d398b53bcce1f0f3181ca5b0f1c03ce1f0f367e9fb8

SHA512
22033c867f9fc1a5384bf0a3e6397839377d29461a0af2b1f725dd353c9c97df512b888260e3164f3600a7f9a41c9a3021d9237c80c793526e1e6266ca018ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
fc311087141974d72d33aa1d37d2e983

SHA1
0ed1b7bcad4e981da29734b8d9543181cd925fc8

SHA256
7b161d14951947244449f8e4e7e18d4a8a3d97df5403f195dfb7f5944d1f91e6

SHA512
6d615740d4278311b2e1fe4e1e6b63c48d504e5ecb8605f19a811207e7bee46657f7b1dada3c3b24a2990763d54ee3be9b415f2177401901c559e66c3c25d5f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579470.TMP
Filesize
48B

MD5
5766de6df4ad0d71993bf9d955685386

SHA1
e9649fdcec0379ae5aae31f07b0833806daa3a79

SHA256
a29c55960fda21615905eba8ecbe42cdaf119ebba2695b66919a663b6e66db79

SHA512
8ccb4d3624e863226222975840ce47757a31216511d491b9f42ae77a902628a4d920e5e4c88f3f41be12e2edea644f20cc517f8ab0a69b1f629743d855879e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ebafdf90-daca-4390-9a71-762162190b6f.tmp
Filesize
6KB

MD5
ff160de6a8f12d51c395f5b59b51fdc0

SHA1
5d184c971daeb8057cf0008455225af3dcc366d6

SHA256
990f15133e92a6f9cd809e652cf3728b09c83c13e68fae5ddc000ca5afcfde22

SHA512
ee569713aa2c534ad1bdf4533620a81858b4cd6159f86c2092dd752f9cfcdc750eccb2843cda07e45ed6a6fbea37707b0bbe99a64205a8c7ae62db60418f87c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
d2e156461ca5259c67793b40954792a9

SHA1
c73e5a09e8ebbda06ae24dc55df6e52705fe4f3a

SHA256
0c722f436a04c54be1f10278d49918d60567309e99a47274eccfa6c476beea44

SHA512
0560b8486bf6413860ca532f459fa7618dff6c2afd5d109403361cf5b615c52939eb5331f094e8a21ae43fb72a96483a8910a91ee96283e42fbe087a5381cebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
caeb2e2f2a5dcbf86e94062364819fb1

SHA1
bdb4267307bbc9c89eb90afa648ba3aab1d8c7e9

SHA256
e71af13511219e438025e83d8d2f5c44f0be0235e190e7948f147b9305f034d7

SHA512
ba37c273c3b5b95b3f27f3e95f3eaa07f9aa0d427830f1b28a935a487d495d4eb3e7113fef46cd05c6fb0eb212a902d2416f145e48710e3c7bdcfdd570ee518c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
4e6cc69a78f5fea4ede37c97b0a291bf

SHA1
32f4bd16afd65515a867d42acdf3ad4cf86863ae

SHA256
72ad6d4fd7014fe86d49d17a3de3180d9ca72327db98bc26a56849fc6e747b81

SHA512
a109f4489c742be4df0c4b941a6fd7121d44388f00d63e05c5fd19c4da270b257263819491d316ff33a3f0f628c59b96f65c7dbde96b2f5f5fd1ec3a319618f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
34c1c1fcd7bc00465acde9c7e20a8163

SHA1
7190bbc9f4597e4a4cbad9287f2cd3b1a488ed6c

SHA256
0a49bc29fde6f20955c6fc767c34003167b1f4a4dee51539ba044358ba5e0b23

SHA512
0bed9348c398b21d721b2cb4a9c0cda456b0fd508826969cdafb9e8bb240c2896b87b051c0ec92befe760b4767268e2cc3dda2ce58813c76cdb3a899df94c19f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe571d0d.TMP
Filesize
103KB

MD5
8f515fb935df4347cd32c1efd74e991b

SHA1
d2a9a4944464dd750439d6292c0e12e26bab3e21

SHA256
fabe541ab5654428ad5be55fa0187f1bd9e49866bfd2c4f0857d1521020518bf

SHA512
064774b291611b4cc270c96c414cfbd6253b8275b26e7469b3b470c10498f92d9d340cdb268e535f72e5ebe9d6687d1e146bad33ab94be93fcb4cbd1607f17da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4492_ZDFXJMJNSLWSUKPH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit