hxxp://94[.]142[.]138[.]105

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2023, 17:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://94.142.138.105

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133311520967015246"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
5028	chrome.exe
5028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe
Token: SeShutdownPrivilege	3848	chrome.exe
Token: SeCreatePagefilePrivilege	3848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe
3848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 3676	3848	chrome.exe	80
PID 3848 wrote to memory of 3676	3848	chrome.exe	80
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 3124	3848	chrome.exe	83
PID 3848 wrote to memory of 2240	3848	chrome.exe	84
PID 3848 wrote to memory of 2240	3848	chrome.exe	84
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85
PID 3848 wrote to memory of 5112	3848	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://94.142.138.105
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaecd9758,0x7fffaecd9768,0x7fffaecd9778
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3136 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4984 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4680 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3124 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3936 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3416 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4612 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3136 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3060 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3936 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5080 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4648 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1044 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4680 --field-trial-handle=1800,i,10999679658536631494,1280885188220807369,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1996

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
77387d0511085eba236c35bb2af02c8b

SHA1
ae90fd3fe45bf9fda796ae0865c9063cb9fba761

SHA256
6f11d993227403dc32592e38f95f7fea1f9738c4c1dab9f4cc6f9da1fe837aa3

SHA512
afd0d5b217f102a19e8e3c2f92f84a22c324cea7d7fcfbf282e02a406bf4bcd451be6061b66e95efe6acd7ff75ea21a8d24a40e7579c85de8543e5e1ad8ee0d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
35e4239f17e17e0fc40254a73d736d09

SHA1
0484bc35ea10edb3a6fefd82fa1fbeb210739f2e

SHA256
86036abd2632e0192bf1865a089d63c071ef60d4cdf28428c8224ac91811e111

SHA512
a9bc61b552c501a3b1039d76e4eebbe60db9dbb5aec167765583e2eb92772a31f6d42927d7044d846db58bb798779ce12af8c357a33e21b72beaca3714e942c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
df5ca1bf16b3021fd7a793b194c27315

SHA1
f11e6ca3f82239d368fcbfd4c630f868c65456eb

SHA256
45d3eaef35045d05b6b6515478a0bf089e3d36b9a6e73b05b799b9bed8c281fa

SHA512
49411d47c9e5a19eb6bb20cc234b202577f04ac14de90b9dedb6f48907376698cc6591264305d3d23758b073018d26ce3e0e2a430350f6be649a04bd118a16f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8d1781331b549b7417645fd16a4c773

SHA1
2a1208419cba191163dfd2300924c160ccc5a826

SHA256
5d26a2cb0737bce0d441e422cdafeed80d96da69e3f52f8a04b7de568155422a

SHA512
2abf32042603deedb00abd02d701849330d2794ed7da651b9421b65561204836a4349ee0a26580b8598833cb276b5302cc4eaaeb55f2b4d6be4ac834569049a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7589309dcf66cb9f61d4483260663178

SHA1
e58c56c9965690282f1f128051eec2a0d017db85

SHA256
08381b55533c6b0e9454c079425930be24806a6926d24b479e42abee3dc1974b

SHA512
d7cd5ba0e0e0ddd8fe5faa698f18a109aa51dbb1492d4ea69fefb64040056484e8120fc2c7f581d3921b6ae94800f0565f6fa8da332b62f2182e3aeb378a47cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
736421402e251bf42c39958074b99154

SHA1
ecfbd7761a76f43ea6b4128854e956c887a4971a

SHA256
e186cf4297e2378f71af57510d1736fa731f251b77c1e0b639540ac1027bcf1e

SHA512
78f2fd648f8d98607fc025771a814d1edaa819ee32f851eac08e3b89143bca1f552ac853a22abe906aa50d77b88d373fbbbb034943ef15b510bf13447064e3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54767056d809b0599a26c3a113f0944e

SHA1
247b4872270d72e03211900c5dbbea666cb5fde3

SHA256
4c0c8cf7d943b931151a5133fd54b454058203f7d24949f4d9fe659c0c19e4fd

SHA512
d5c2ba1b9362f6c301a2ccf77bf75ebfea8f3dc70923d38b141d2b3c5af3201a2eb4298159d7b522a6d646287cd2b26eb200f237dff5cf5e91347dcda7fa098f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
033b58b11d27d10ac0a6cfb5af43ab60

SHA1
077d41e9fa2156cb385135012d6e84a683a8a264

SHA256
ed6e5a8e151deeed4c70649ab53cbffbaae848ae9e444a10b2129da88306b4af

SHA512
943f0a62de030cfa4d730a90cc1cda54996b56befb17d6da5c4df2fb932501c37c099de1d078dcb888f9c9e6c26bf283d65b76a45763f2f7c53cba49cc18f9b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit