hxxp://p[.]rfihub[.]com

Analysis

max time kernel
149s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230621-en
resource tags

arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
submitted
28/06/2023, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://p.rfihub.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324459118156281"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe
Token: SeShutdownPrivilege	1908	chrome.exe
Token: SeCreatePagefilePrivilege	1908	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2032	1908	chrome.exe	66
PID 1908 wrote to memory of 2032	1908	chrome.exe	66
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 5108	1908	chrome.exe	70
PID 1908 wrote to memory of 320	1908	chrome.exe	68
PID 1908 wrote to memory of 320	1908	chrome.exe	68
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69
PID 1908 wrote to memory of 4320	1908	chrome.exe	69

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://p.rfihub.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9427c9758,0x7ff9427c9768,0x7ff9427c9778
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2652 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4396 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4744 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4856 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2928 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4848 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2980 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4932 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5000 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5040 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1668 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3036 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5716 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5732 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 --field-trial-handle=1840,i,15407988755210884156,8882847902083078541,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
69KB

MD5
987edae1041cf0d45c2887f6455cb66a

SHA1
8c467f6d7b8c761acaa50ddf4d30b3c7eac6e0ae

SHA256
b18d4fb20951e267ed35ba9b72a16e300bdfe7286077acb9afbf2e97a4deefe4

SHA512
4d4b2a72f0b25113b079935a186994e9d2cbda85497acb555b7073e395a8eed5eb85743f22cda2c9f6bf6877408d3950da1d15aa6f3ee3a72c23c9b1fc10a76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cfdf124df332bc3727217672d2668370

SHA1
770c9759dc23af48adbd747505d875c83c7fc5ae

SHA256
0d6dfa038a3b98a4dc3b8ba09e888420b3939f87bce4ddd5a074f55beae9778b

SHA512
71293ed1a4ab71fc615119fdc021e09ac76e2e2114bb93e8ea2fc860c0d9eecf91755fda806514df43cfbe831fb9764020afa829a9bd733a5018352793180336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c23220e7df5070ceb7c19d6b46704b94

SHA1
29673b2d03a5fa7be7313ec5cc121cf36ec5b654

SHA256
fe4cba473363a4d96e2f48004c4c9c436d2a156d4fcf5e7b8c87ae36e8cc29e7

SHA512
a4aebd9f746e39ffde5e98151cd8d52616da4e3812e80ccc120b05473f286524e9193e631ac65cee2da1a1f3205a1c4792c0567a936706cc19513b35c2adea4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b1116a8579ced39c555d39b4c1372a4a

SHA1
c5f6b00c20add43b74d09d6ca81d0358a01d30f7

SHA256
1d76011b31b7d4aa65a89b8123cfc0d9aa8e3a7850c4d7b3d105584a2d8c2e25

SHA512
77b7177da048bfbffe008b64d3b397dcbf7a72b23a77de2514d12134d2d90f7de0eedf169f77c116906c3b07d8865873414769265ca65868153e1917f8484d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
c0320fdf5fe8f30f77cfac23e71be0c9

SHA1
fe11d4c1cafb4c2eed43a055e7d0bbcd4ede6e9f

SHA256
524e832a8f5d07c123f6e1e91f79a3c708a4eacace11b54dbfabe53fc6a4845f

SHA512
fa1b08f52655d7f9647ffe195e4a3374a122d9964ebee73f921b5e1710368116aab1ffb0a6bc59e5a1f1e73ec18a59fcf2dbcc73de337bc79203a14b6c9353b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e0f47df8618c831dc1b15c7b0c6eeaa0

SHA1
71208cd3c7e5da47e62196f103b8dbe48b34bbe0

SHA256
421e97d5b77fe3d2d749a27c58ac318f8bb58eecf4d6f536f2720621d12486d7

SHA512
e27400b1f943014de9190a2387753e75021ac6b8e9959ba9ed867892b626a0c4b9b06b284ad990bcef77c063c86ee255d489a9f09fde8091558e2a87a598c1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8ac2b114109dd9fe207f93bf20acbadb

SHA1
754bb579a12c33699dba1f2916b7fc2396d9c312

SHA256
860a6e7ad2c86b82ec5bcc37623bdbb552f0a3ff704cd72e320de5e6597713f9

SHA512
cabd1e7d8d415dc55cbd72dc16d5babbeed3c4771d491efd70273828ac12c6386de5da71aadbe2c06f5f371a51d207842223dbbdf949111b91fbfdb936f22827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1f232217509fba3b520b5ec117dc5876

SHA1
dd77550eb35e0b11df69d769b5e3ad32b5966672

SHA256
3a61fdf23d0892e2bbc1aee6f67cea59bbb9689d24d687122e2e102743603461

SHA512
07d279412bde7abe538b21b4bf0ae4639102965f7c8f21d4f8f6399183fd46392c5a27ac0e564f6fd2f10c3db104588976046a63e250baed4c0bf79846362556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a71e039f8a2abb86b244b68cce4a779

SHA1
3e14c3e233962f25fdabfea9b87617509b97cc7d

SHA256
a6b072b3936f3a709eb55a24df327add7f3677b0be27b8436f71f93012510ac3

SHA512
e4b33625fe59698356ea3c9d3fe982c4af79595befe28a98fd05a218364077a549abeeba91f1f577db0531abcf5a3f39b7a60b3d38cfba5759da761c1638bc88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4ac32d4b3d93ac805f0acd266d5636c7

SHA1
f8ab2d14fa878629b4a6bb69e591f2b6808de8e1

SHA256
55b2294d86c59b11e988749e71a8845d48b8d2297f9d6de2a4fb69167c9efe30

SHA512
d444b7682d803ceaf7d763478fe8306fe951f6026bee180f445d2c5217f6c8eb31a2f9eb106015310a6c8bcb477a1fa55e4ccd0bccf96993a070f46f37307ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f6fc3c57a0acdb1f3d363434b1d51358

SHA1
c601ff67351cdfc1cbe36870b3e4eac5c6b7294f

SHA256
3a5b2860348256562cfe7dac4aec883418a7e9dd66105f4333bff1949fb69545

SHA512
6135bef0daf3bc331f4b76640ec6c0e0cb7283f79ea884502b411511cf5760f4b082d24530956714c94e91fc199bbe01ac7a78d1b9029f13167cdefa76e5eaf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29dee38bca6b35c5f5c7d0a3e759e448

SHA1
a9a158fc37bf7b6448425563077ff32f3f8b1f72

SHA256
b0740a12889a5dd4aad10fcf47181806a4e57dd00dba74703c09d67f7ed688f4

SHA512
af869bca656c4e2ad8ce596b5abc64e85a627360758a31eb5475e7c9dfff79c7ffc04296e40f2b6a255452c7075651351f9cdf34b7e56e19adb6b0c38aeb836d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ebebe7aa876ac1e6e2e3226cea219353

SHA1
606d3403c500034601955ebfb9229f2de7223aec

SHA256
da80e2b3fb46c69af0e216504bb0854841ade9333fe5a4c9f7c4308d8335e752

SHA512
3e4db6d2c756cc04acab08acaeb6a4681cba3fd9e82bd78172e8d29ef238038f8da400510071ba851e9b9e845ba42ac5e3ac983bbb8493d0b04fda7f57f85e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
562feb42cdcf6e5170f2c030a0e943af

SHA1
f5e2fb6f06e7c181c15503c6740ff7290adb583f

SHA256
9f64da8ad9f4d0adda2c0330d8417cbe6a97a6439d08d0118c84845c40c05f27

SHA512
f95bdf7f1e77819671a762cf1ce0ed059103ecdafbcdac8596717ada938f8f7155d0524320216692be5799f1c2f3570bd40e160c5f3b5e2124303460b072dc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
e2db8698c57479cf1e4209d4fda70f11

SHA1
fad40c42e98f7b18d25d7caabbae33017a44a85d

SHA256
cb34cce423d17f5421229afed56012fa9fb6ba9854034d0c5bce0a409600d25b

SHA512
0e915bddd9afd5ab15690cdf3e5a2ba294108c31833fe7b8e2ce335c43e87fb517089b54ed5eb550f994100d45660ddbedea4f05e4329d6dc0f2b96ed4b10f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
b474a8b9f368e8b60d8d9ad796067ddc

SHA1
5718de3441f6d237d3d3ca14ce28e224a644f827

SHA256
6f6460b8b28427f38859e8ea0692f9a2cc3c411ef88c78e48443cf9f12e8e074

SHA512
f053e149ceab4143322a973baed24bfa127d9ad2a582941e3bf152580497c1b1db8c471310dfa54f6b26bca2fcc10f04501f43affce8cc20ed8ba17a7bc39051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58072f.TMP

Filesize
93KB

MD5
7687b07dfc4d906da1bdcabf1fc60f85

SHA1
0bcf958d943f3a68176a14719059be008c42aa0c

SHA256
7ef2c560da36b514975c7f82e75bec2792428ba74cf873b4a6e5ddfa87d64b21

SHA512
1d9535033290edfffd83326fefad27c2ccfbe5e0aefc98fcd3e9587a38dcc6bb73719a47cd5de4105e996489d08e3f6399887086f35f8866fb3d0028ef3e8873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit