hxxp://chpd1p9j915u49mp9vqg4e6huenon5akb[.]oast[.]site%27

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2023, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://chpd1p9j915u49mp9vqg4e6huenon5akb.oast.site%27

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133298752518181545"	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3444	chrome.exe
3444	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 464	3444	chrome.exe	85
PID 3444 wrote to memory of 464	3444	chrome.exe	85
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 3904	3444	chrome.exe	86
PID 3444 wrote to memory of 668	3444	chrome.exe	87
PID 3444 wrote to memory of 668	3444	chrome.exe	87
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88
PID 3444 wrote to memory of 4104	3444	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://chpd1p9j915u49mp9vqg4e6huenon5akb.oast.site%27
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd244f9758,0x7ffd244f9768,0x7ffd244f9778
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:2
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3904 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3796 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4792 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4660 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4940 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3092 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1796 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3348 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5428 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5124 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4860 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=212 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2840 --field-trial-handle=1820,i,15725700088817599338,9993673834819069574,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
06075b3d5e08a64bac277035432d283f

SHA1
96909e61b6dbf32d15d65a6ad30215cd46e33d43

SHA256
ba6ffa3a026447042f07835a3e90ef20b1dfb493ac4135f348c0f79f0c369ad0

SHA512
6bfb37ff3841300fb517db51ca2a8fa0db241f41b74e513c5f8ce578c5e949fdb9c3038e5c4f7ae6c1550a5aead95dee4d2ac5ac459a264305eeda0953418883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
6848f7c1b99ebab22a101d56df9ef826

SHA1
772c49937f73730933ffc7e792531eedb26673c5

SHA256
f409d04306603aa97468b33f4448fca3fc03a0342c6391770a566ef4988ca9fe

SHA512
73a250d7dd1e0050b11d16874cde163a88905e6e053cd792dfc85c11fdaf694dfd12ec5e0e4435f251ce4c0bf032e2ac43b784ec9931f45a28ab45c8dc85e966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e953d26dd713aa180fdfeeecd45d0c01

SHA1
929bbb8f3890ad7a488c9e9e7035285744262ddc

SHA256
aa64c6a70a246286c9ebc94af9bc23642f2c2aa2985a26d4f9b5228c0d13cd80

SHA512
bd9fcb11f417885ef33cea059cdb3bf0bef21a9d07cbd1f2f6dadcd7a56f745af2b9a6a15789d5d01e87147e0af72439efd01528277e3ac38f2351e2e61b2f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dceaf7fff09bc1497101166def53c668

SHA1
282a8352db7b9f6c4ac74e7c230bf0799df0462c

SHA256
30e3947a232c3fb4a5e93fffca76598dfcee7cf1acf3a8e39b8ba8a158bfab9f

SHA512
8c3387ad47a40110cd16f0d4c7f2b1b750c0a6660b2dc329c7ec2b41bc2b1754ed01021d7580b5569602a984cb611779299c9af089a758aaf7ebc7127078d0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
5ca9988eacd0f3f1d1042c1f2fc0f5ea

SHA1
22dab2e8a8e49f27dbefbdecbe3fe3475916c4b6

SHA256
acdd90954fc1df707e1292083e3f3d91e2a2f63f6e00c8387fa8e29a3d0f2ddf

SHA512
c07f98e03d40eff52a2864110f5b161e45aae18727e959388b414f320ab1bda9260946de2ce6d3cd57df4e33c7a04b7906e6dab5f9ee5e484cc93e604909b1b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
37fd0fa3c3f0d4de3db541514b02cf6d

SHA1
20c51c3d0e840574a7d10859cd7c185a4744ad41

SHA256
10508db627d7c49db1fb283d8319c4acb3fe24902ecd51da8a85b77317c6a47e

SHA512
0aff1532b4db6390c4589c27ef6f2a9c30fd5881500f0e4aaf7babcf094c9993362591b325e655a0fba1077effb2120c4494e8c67e382b69bfe265f1a6093406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ef0eac86-8398-4db1-8209-f9357548a05c.tmp

Filesize
535B

MD5
c7d4e390af65abfd716e84cc866bf440

SHA1
04fe38f68b05582bfc675e1cad825d51550bb42b

SHA256
ebaec81281703c4376d6b9d06a6681c9706441bc8d016427ebfcbbb3e83cdf95

SHA512
4dfbd9af85a4680b5b74905a0808729e76c5fb8d208e3a515633ec69c7ca6714088d7591ebaa53f3dfa7e39d69485f645367816736f6c5af2482ac76361a2b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2e6a73ad9ae46bf71a2ec9cab8994381

SHA1
00698c30186ee8def00d315dd4394ec76ac5edfc

SHA256
5806aca89f8b88752d5e0fad15704084a077889ce80a48f90b9822dc3cf16255

SHA512
2593772d6216c9757e3e65c58be0f0407308fe4c18cb32f5fc122388231017b8490f4e294020850ef95d7561041fa86003e029068741a7a7bb962b0d2de52acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7c9da801422182e71ec6f7a0bb0147af

SHA1
9fdfc4228fa5ee0809cacfc4fe6e1722a73b9de9

SHA256
c205674aab4f3a36639e8ab6ce0683f02f6ccbb20cc5fd865f08c10155dc3b9a

SHA512
740215b194060a02e848fe3c893dbeb3f67db5aa59f662fe9fec6858d5f3dc7c0c9903c1745a6d9c0b77cb8b2854a6b37b05663b425833769abd7ea5079ea2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
df01396386e19a16f2eeaa718c88dbd8

SHA1
69e335ea3f81160a85741d24d50635cc99b1d163

SHA256
08b9bffd2a138a23392c4c54b9bce2e4ab1295aa4aae4acc4f907babac344960

SHA512
b4e7de26fba064e881bdefa987d887693690e9c44d40f69d8ffb1a7b7199e6bf5f2b7836b4f84eab566414d2f4752f93806e4d847abf03904e2fbc04b65fd23d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
884c7cd472babe759a539ecacb5bb92c

SHA1
ee5d8b50ed4eb5e7855bace5400182884e5fa198

SHA256
28e5855feec03689b8a3c8a40f426475498e220f6e5abd7286edd266a5378a7e

SHA512
38dbcf671d3e425e422397fe697facdcdda48fbc9977427239b17271cdd095c41f36caf8b34610362c0af5dee9d64ce01ec9e2b81988793b0ff727c27b034784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
361b3b1e61194cdb75065b5de9ae000d

SHA1
7016737ed102a19a7b9af8b690d43d1f7f323b30

SHA256
45599d3681eaa7fb6da755462b17894fe59d1516fd790290e83ff1ef520971a3

SHA512
8f1c49db478062d50a2588157fcc92817d420d4d1db6af062ad63062740bab702b7d0e4feb95b3789c1871fb040b720266c73f96a92f17b58da693c2331218dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
42260e4162fd402c6d8a977e64aefcfd

SHA1
19e2ea2d2a63624f98d6f07b1611e891fdcf929a

SHA256
1760703ca0223c3fa7dc2c28c9558f10fef70ca0af84531705ed14b897dc89fc

SHA512
658c85da5b4559a14db295952c748dee37afbd8cfd2d5bbcbde7a297375beb5fa8c4935f6dad3265cf2172ebdd57e469fe19ce569abe8ea842e26268a426d887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
1a655cf985246c35dee44ffab39b4cee

SHA1
078082e39fccd2829df22db397775f88021edc95

SHA256
b80401995a49d7e5c81bbf119111301f079dc2f8a7e51386a1eaf69db216e2f5

SHA512
9d471616645db2f55727fc5afada95ed519b603c66e424a49fc18d202f96eb0314a7eb9aed337ca989b4da278206dfd19db1a5feb1155ed3837aef8e531d830e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
6beb4331d279726c6952aa84f9e82043

SHA1
2554f44800f1ecfc2566896af77ea5a57e000f06

SHA256
669b51b97e1fc069da7b5a97fbb4a298d0fbdb675710ea4fb0f948e43034dd08

SHA512
7a5b83d35def756233fbafe6d6cdce99956d8868407805801adb5225699d87a3f4bbb1aae1aeba618175eabf35834c04ad2c813a09376cbe9a5e41520cc0fe0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58219c.TMP

Filesize
100KB

MD5
e0450359ab92b265b2d159a6107180a3

SHA1
e983b70ced716c9f0c54c6426396c1019434fe52

SHA256
87fd22c1199405490c028ca69dd16885f204ce56688395c653fed177da5ac34a

SHA512
d770a197e02d0a3b146091317ff5d6ff812abfab76f5e8e52f740ea3980b505ce2a7d29f2582f721b425c0be27723167d634148dbd36a0e07fffca9f5927b2c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit