hxxps://malwarewatch[.]org/

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://malwarewatch.org/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133326052595115779"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2178924671-3779044592-2825503497-1000\{3680F52C-25D9-4764-98E7-9AE85C4FF5A7}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
3384	chrome.exe
3384	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1452	1632	chrome.exe	83
PID 1632 wrote to memory of 1452	1632	chrome.exe	83
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 452	1632	chrome.exe	85
PID 1632 wrote to memory of 2692	1632	chrome.exe	86
PID 1632 wrote to memory of 2692	1632	chrome.exe	86
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87
PID 1632 wrote to memory of 4912	1632	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://malwarewatch.org/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa43959758,0x7ffa43959768,0x7ffa43959778
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:2
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3236 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4880 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5000 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3232 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5788 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5200 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1820,i,5550343915661408116,12943962328133369328,131072 /prefetch:8
  2⤵
  PID:4012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e94a97728d5ab0cd7cd5976a276776e

SHA1
c9a4840724158cf14be8173396adc6144887634a

SHA256
e84b395d24a93bc67a0b2cffe30cc8e509a79a4dd0decc570f48b578f38b1b12

SHA512
bc80265c057db7599a931a2594dceafc96618ff2e5df1fd01f15c01dfd51326e52db55332c5d4c904ba2e9568b6c4e8623a1e1ee9a31f17171d8949214097372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fbbf839d91d2dc225e85565f3add85f8

SHA1
8d5e98b26128d9b30710c113135d1b9f54450502

SHA256
ad7113da7eaa4900dbc9a185550ba8fb76504acf733cc11e62e1ee83301bc6c7

SHA512
d82bf1e77ee5d321e3a9c3805a131cb8663e16f07dab1d2ebc1376767484191e3843b2734b990e0130c747f9562c4edb0d8508de279993c7253a6a7c272d232e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6cc80dfe770910a630ed805ad32c4647

SHA1
49b18b51127b14cd8fd378c2073edb22a5378a41

SHA256
9e5e7e262224a65f6f51fd81382bbbf9705c11825669c45c1707278df263d683

SHA512
322abdabfb7d8856f0396fcf730c78eb43f18ed99b2b90e867814aefd7746283d8fbcfba17b4da1d0538b1a6dd148e78bb0f6a9d33da7c24e818c5a2b4133081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c8d9fc4af7e12717f7eadd6507d29a0d

SHA1
25ebfb283674010e7cd17d1551191cb0db7f7884

SHA256
e91bcf4ab8a8c3696b5f31b9246970aed1a06678c84a8327bca2f3a6cd61fc9b

SHA512
11c562b2a2066af878221434d8342acbc196f0eceed463febbf3457f27273cef7a50bccb02faf91918375cf4f2a3bd4e9b0baee5aa2173c435f69d98bd59032e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
0156c55c968a19d03f5eb7236347a5fc

SHA1
5bdc83dc66e8439a24c8bff89b7a9973bc750834

SHA256
8ea3a99e5cd8aebfafb71ffa7e162146c4428c4f88f039dbdefb04927435b809

SHA512
2a691a87b59f7319f59733b8970112ba7ded1da87698cae2cc09c7fdeb3c0a575b98779a88f50c9d595ef8a699c51a9a5dccbc8b33e7b761ff08804af01bc857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2f4b88c08a2af3ca2ffbfa62f95eaeb

SHA1
3eaa2c725cc38a656790cc9aedce0f868c3acec5

SHA256
b6f1147b1a95f3877d9f60d4587b0b3548e490f08fd851a9e278ec9f268f3757

SHA512
8e08cdea1f9803d0697c63286c537ac42f41c304dfd6544f233b2db5bf24c166e2f74dc74f93297630fcbdf6be7f3cc25619d52b9bd6dad6e1b72ac0652153fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53b04ca1fe9a3e80287de384fc087e05

SHA1
0d028b27e88dd1887ad800c1571be498677a0a54

SHA256
b3fb13c2ec005884fc6ef5b35a15100d2a50652b7827fca8059dffe69bad77ed

SHA512
b24c889c119e74d648055310b8993f11ec8d4f5c4560329eff15391717aed9d1c7771472f5c112e9701db8f44517a303cfa2fbe7b5b25ba505bc6ec30d3b6bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cee998a29bacc369e0a9ff19436d623f

SHA1
ff974c3400fcabd23cb8e3f0e5bd46fb277e45e3

SHA256
cb31c7c306c4af9857b26af5ff8b9e0354617e17d89dc863fcf01a004e86fc7c

SHA512
f8fee556562def1c5050d23c6f974752d3a7dce80764c0046a693d3be5c432c053cd810970b82301f30ed91c12abf63914fae09021d56c8e3200f8e67390caf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e1042bf065fde309b8ec47c9ed5c85be

SHA1
3c986abab0865edaa4d39e24ad093f5b63b5f14b

SHA256
987ef4c116d4ae2373ff57ad894045991824b584038855daf0761a6afd1aeaeb

SHA512
8245c833f0383eff7da627ca97dfc338550cbc3d67d6c28fec47ac744f32649cd82cb421bf824c57faf52738f108fb64f9356711b6c861491dd312ebcd683365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
372e0e17d06aab1f9dd471d78c19b53e

SHA1
ca995dcd7cfb7417dc98a781ce97b15e40824d62

SHA256
9fd1c4fc8c78cbdf2d92fe72a25e5d401569be22f9ed0d53dc6c88b75cf7cda7

SHA512
3d3d49cbea106b5a095b28446516d277bc0e540c02cf5de793ef40bc455348c75635c7396b292cd209a2e62bd74ae84ba97d5315571480e93ae111dc02a6a54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58219356787dc29974277348f457e3c2

SHA1
838c48892bb5e6f79823adc1cab652fec860a6d1

SHA256
a4e695557787829187895069057d8a61e37546627957bab228328dcfa3af5f6d

SHA512
80dd209913f909009e73c4b310853d9c755c88b7a2b3cb963b8be718a143fed8884ad996f4a15cb7ac7b09d05e1808b378d52fb0a6f5f6c2700ebef25c06fded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57278d.TMP

Filesize
120B

MD5
cd581bfe6b5e9f0d5dd1b3985698841f

SHA1
70507d4fbd8b0f006639b4e80e6e9b642436575b

SHA256
cb43a612d224e5dc6375bcfbcd8944660b70debcd619a7199142570457212706

SHA512
4a173903e578c99099c575df50df96b5f3153888e76d5cd2e3317d673019c25870ef167aa931160deea025bb7959b2300792e8daf9d904792470854172739da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
5431e0edb019e9cd98e688b55dd91842

SHA1
69559e1f1b9542d25076f44c1c873ed80d60f406

SHA256
d3f514677891b6d2efe60f7acca10d494d4fa1b0bd6a9219f910d4cd868d47f9

SHA512
499e080d4aa316596254bb7409726ec6bba2fccb7a289a6f75e5547ec49e83c35b9e00929883d42227db6cef4eb0aae9cc0bb64bd336e33db31c224ae325221d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
c027bfca3d87b4f34738ca29a9e1421b

SHA1
715529e9998f58def189ac4c22b148f4f4880d41

SHA256
4bbd53fe1870097a75b1735a98797fe1b77896f61b3c6dc634ab5c14f8584762

SHA512
85a18a59dc3ce56b979df4839cb191cbe4ee47156ce5af9f37ed4f6fd355872575ed8bc0a0f4f3768bb709655806829472c7a1d6392cd14384f6216bc7690f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
14ea1bc52c6fb6e8d2b06ac36d96f952

SHA1
be710917842ca6489d6e9e45a79a6262d4292c6d

SHA256
31dfa900390892a5d3fe40076c41a63211563281b509f4b6d815a09fdd1b65fc

SHA512
325f1a4a0154356920310409e695afe26f8185cffe601d791896ffac0d60f92e8f8e0ea56e3dbc38f2ceb12e2accd395813a1e8fa4e70bd8fbfd14b0afd3bf53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
f7f4318cbae902c3a4e4c6aa96e75c34

SHA1
b009bb87fc258939369ac383c41220d25d37e205

SHA256
de856b6f3f3e04efb647d6a588ce7ea40e84fcddf7ce430c247894e07ea7d6de

SHA512
2dec7ccaf6734467d4aee26d41046f7caf008a672775e2745b312c436dc06cffd513bb6505adc6f8de970a000d0edc9a2715d037e267ba40cfa5aeab0a3155bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
11effd932b8fa48cc163f7caf8f7af43

SHA1
c4b15a57a96e931584af0aba0b3d2cf9d2985b2e

SHA256
d46b62adaf387a372597ac3e92d8894ef5afd4731490f5579da9b602d75a779a

SHA512
8190fcc67a660a5b661a83f4a357044c24eb98cc6e615d6e3f884aa4bf833a5f81a79413b03692150e876953b9a8940cdd5334716e71672212fbed36aae941b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
2a910129b5cd310fd43ba6233afe0db7

SHA1
b7130afe70be1490d5735015e17133239155e60b

SHA256
d1ce0de7010464819e791bff34f119cd85898e2df8a81bc8e57a63679a32f17b

SHA512
872424fcd6041254af20b952a0d39f70611ca0e6fb0b3a0a8781a882f4e5a58781b24f29949786f4e37d30e4dfa6e483931d71efda6f522d9b4b54bf8ff76660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c573.TMP

Filesize
103KB

MD5
f941e4136a517b21652a0a597cfdfdda

SHA1
dddf9f557dbf27f913e5e7aeb63425e03432e141

SHA256
d62adfb84ae3928ea1b5ae30dc249463e0fafa9d81350ac82c6047b443e81a65

SHA512
737b5eb7e23684c03e3b3e360f25ce5b49f335a746b9cfaa8c5895ac5300567dbf6a3a4d4dcea639c05e3d7b6a6c8bbb28957e8d86abf6a042c1302f5679bd65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit