hxxp://links[.]listen[.]napster[.]com/ls/click?upn=Gwd5Sf6eI-2Bgm4OtjJoeRJ8ogDOlvcIbWODT8ledGoSJs99A7T8rkkzgZzUWOKeohJorFlabCXHYoL4TJlRwg-2FOopdiMfn37ugqzIjRddkAIMOBLZkB5DC1MR2VgvgmgWYkM1RdmaXJF89astZIP-2F5ewa-2FsexA7G2ug4gjJPJ22HgOQeSwv9H9-2Bm20hPHSEPDgvT-2BIQarYYsqHG3-2FYLmeKna3HsUFsAYdY4san3dWcZtychKi5iVw9yXIRVilrzd3rxLV_9ejIDWOTcARct-2FDXzN5-2FJjOn6bLjytZOvlpzyUThwwpZjD7OHQr5PUAMZLQT1n3naT52U941j2CrdUzYyJLoVAFxLHyDaRKlkbURHvjV1o-2FfOLAAFrevpfqItruM7XRFfU0h26lxIx0oeoVyXtvBKxrPd0TTdH-2Fs7oi3lNzU-2BgxND3Bk8Iw4uj1S8fZELdSQVEnC-2FlRL7PGtPOAnxK0a-2BgsGfu-2FChRCSu0ZakQ6ck8HaM1bHqH0KicJpkw9STLb7eiYVwinGSNGdh0ValciHeK2l58N8xJjXKVuG3NSIkch1OBz1ah5FXN2R7iS9mRLTfpXlySCaUpNFxsVGQIweCIuFN-2FcXmS9u-2B2Ya520HtVtW6QU-2Bha-2BT8yGg2CiOlZPKEZCMVntYWN-2B6i1HeiTjaAA4uaSQkH-2B1EqlKr1DTmu-2B-2FuamJsoJ4DFxiDAxEo9yQ1Y50sk0SiClgv4fah0R2qancd5Ws8s2W5hwWMY-2BqT0BcWaM8uRjCgQwbY4hsB9-2FqK9d9UAFck1c0Zue2M7Mz8ELYQWwEA6JuPJSuHu1lE-2BZdMPt0aoPCyesdPhui-2B-2BnNGV76WVRkmn8gQgTIUrx8lFDOwLEl5GbAywluBw1qf-2Bhxi0btBxx2UgzD1X4zuvEK3TtPYDNsAQaEyxovVi9MbSweClDn-2BZbyM4rybliMoNS0-3D

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://links.listen.napster.com/ls/click?upn=Gwd5Sf6eI-2Bgm4OtjJoeRJ8ogDOlvcIbWODT8ledGoSJs99A7T8rkkzgZzUWOKeohJorFlabCXHYoL4TJlRwg-2FOopdiMfn37ugqzIjRddkAIMOBLZkB5DC1MR2VgvgmgWYkM1RdmaXJF89astZIP-2F5ewa-2FsexA7G2ug4gjJPJ22HgOQeSwv9H9-2Bm20hPHSEPDgvT-2BIQarYYsqHG3-2FYLmeKna3HsUFsAYdY4san3dWcZtychKi5iVw9yXIRVilrzd3rxLV_9ejIDWOTcARct-2FDXzN5-2FJjOn6bLjytZOvlpzyUThwwpZjD7OHQr5PUAMZLQT1n3naT52U941j2CrdUzYyJLoVAFxLHyDaRKlkbURHvjV1o-2FfOLAAFrevpfqItruM7XRFfU0h26lxIx0oeoVyXtvBKxrPd0TTdH-2Fs7oi3lNzU-2BgxND3Bk8Iw4uj1S8fZELdSQVEnC-2FlRL7PGtPOAnxK0a-2BgsGfu-2FChRCSu0ZakQ6ck8HaM1bHqH0KicJpkw9STLb7eiYVwinGSNGdh0ValciHeK2l58N8xJjXKVuG3NSIkch1OBz1ah5FXN2R7iS9mRLTfpXlySCaUpNFxsVGQIweCIuFN-2FcXmS9u-2B2Ya520HtVtW6QU-2Bha-2BT8yGg2CiOlZPKEZCMVntYWN-2B6i1HeiTjaAA4uaSQkH-2B1EqlKr1DTmu-2B-2FuamJsoJ4DFxiDAxEo9yQ1Y50sk0SiClgv4fah0R2qancd5Ws8s2W5hwWMY-2BqT0BcWaM8uRjCgQwbY4hsB9-2FqK9d9UAFck1c0Zue2M7Mz8ELYQWwEA6JuPJSuHu1lE-2BZdMPt0aoPCyesdPhui-2B-2BnNGV76WVRkmn8gQgTIUrx8lFDOwLEl5GbAywluBw1qf-2Bhxi0btBxx2UgzD1X4zuvEK3TtPYDNsAQaEyxovVi9MbSweClDn-2BZbyM4rybliMoNS0-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328516443957984"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
5096	chrome.exe
5096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 1620	3836	chrome.exe	86
PID 3836 wrote to memory of 1620	3836	chrome.exe	86
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 1904	3836	chrome.exe	87
PID 3836 wrote to memory of 4524	3836	chrome.exe	88
PID 3836 wrote to memory of 4524	3836	chrome.exe	88
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89
PID 3836 wrote to memory of 1120	3836	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://links.listen.napster.com/ls/click?upn=Gwd5Sf6eI-2Bgm4OtjJoeRJ8ogDOlvcIbWODT8ledGoSJs99A7T8rkkzgZzUWOKeohJorFlabCXHYoL4TJlRwg-2FOopdiMfn37ugqzIjRddkAIMOBLZkB5DC1MR2VgvgmgWYkM1RdmaXJF89astZIP-2F5ewa-2FsexA7G2ug4gjJPJ22HgOQeSwv9H9-2Bm20hPHSEPDgvT-2BIQarYYsqHG3-2FYLmeKna3HsUFsAYdY4san3dWcZtychKi5iVw9yXIRVilrzd3rxLV_9ejIDWOTcARct-2FDXzN5-2FJjOn6bLjytZOvlpzyUThwwpZjD7OHQr5PUAMZLQT1n3naT52U941j2CrdUzYyJLoVAFxLHyDaRKlkbURHvjV1o-2FfOLAAFrevpfqItruM7XRFfU0h26lxIx0oeoVyXtvBKxrPd0TTdH-2Fs7oi3lNzU-2BgxND3Bk8Iw4uj1S8fZELdSQVEnC-2FlRL7PGtPOAnxK0a-2BgsGfu-2FChRCSu0ZakQ6ck8HaM1bHqH0KicJpkw9STLb7eiYVwinGSNGdh0ValciHeK2l58N8xJjXKVuG3NSIkch1OBz1ah5FXN2R7iS9mRLTfpXlySCaUpNFxsVGQIweCIuFN-2FcXmS9u-2B2Ya520HtVtW6QU-2Bha-2BT8yGg2CiOlZPKEZCMVntYWN-2B6i1HeiTjaAA4uaSQkH-2B1EqlKr1DTmu-2B-2FuamJsoJ4DFxiDAxEo9yQ1Y50sk0SiClgv4fah0R2qancd5Ws8s2W5hwWMY-2BqT0BcWaM8uRjCgQwbY4hsB9-2FqK9d9UAFck1c0Zue2M7Mz8ELYQWwEA6JuPJSuHu1lE-2BZdMPt0aoPCyesdPhui-2B-2BnNGV76WVRkmn8gQgTIUrx8lFDOwLEl5GbAywluBw1qf-2Bhxi0btBxx2UgzD1X4zuvEK3TtPYDNsAQaEyxovVi9MbSweClDn-2BZbyM4rybliMoNS0-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe302a9758,0x7ffe302a9768,0x7ffe302a9778
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:2
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5232 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 --field-trial-handle=1792,i,505719927806679320,9975067020633957218,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
257d428b40d2963a23c9f07ee8b657c6

SHA1
2a1dbd9878acf3a3e72f60e5f04231715039b76a

SHA256
b6378df309f06cbab72209381ada99282a43bc28f2ebc8b45b6059e051ac3809

SHA512
5c91b4702b58333c8a54834a1af08f8e8f8d17b126d9e791e515e5bd0d1b7173ae12f519ff6baa2e82721f8a24426a358f045e5d1fdb260599a43d1f711114d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8f5e4d2331a40dce31bc28b74452086e

SHA1
8fbc398b0c5bae9b960ac076babab8b8c86b5ae3

SHA256
996a6e61db3bf613149bcde465ebe87e017364af0780ef9396675ab10a968e86

SHA512
d0412db8092bec9d6066a3f9e1521af7c82df9a7615eedfeb2a55a0488302900717b071999f5b04816c73a2b6d774d48e9f32dc73977ba1aa61765e7071d8b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34f5a58269bcf1d042a08461b1bd1a5c

SHA1
c18f3e0037b49a9c839e7b7235c3fd5f35632c6e

SHA256
65ad17080f22a6e2fee9ea0590d4953dd2b76c0789757bc7453714b7a56652c0

SHA512
fa6982d741c7ac501ba539f75bd49d038397eda0bf0e0ecc3236fe1284ece6826a27e79b9985dcdfcd4d3e8c829ea2cc207cb69ee6b3129fdc47e059ef88842c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
945c3a8f187bfe6162aa1e972a65e0e9

SHA1
ad80efafd8b6d822afe5fe30854d5a19e56daa0d

SHA256
672ea02827eb68e6b4fa823531fdbcd23c92d71bf970bd596e34ec97b4bd3ae1

SHA512
db3f9c15176768216f22c7c597f63eab18fc788e1d576c217c150897dc9310d1406b8cae7f8da7bc51f988110fd60d58add13f90510eca2175ac6e40c6d3d980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e24382a761095d717fa148f0dcd6ca05

SHA1
c42adefaaa127b45a0043441acd56d94aa1b522d

SHA256
57a5e043ca998bff455d73f47cb0e34bc3ca394413ad6f70468e48d701e260c7

SHA512
a5c08c5867e653bf964a0e9f800f735b10685921c73d09354bd1d13819f487c451b3cdaa6d971075aa718fd36b8f6b97ecbbdf236110fd35fbcda0de969c205d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03fa52c24b2afd394222272ab61b645b

SHA1
f1ae3074d1ac975759266b7b6d17b537a4046cf0

SHA256
efdffd35516645bc1ea9ff4cfb261b517a4cac3dddf0f6c54a5f7fbd905f1fed

SHA512
917daff5b5701f3734b39daedcde653b589155f31507462a6d1bb2d4850b40ba447cb51675c2036531b3d0e4a8fc0245040ff012d9c62424ca6d916f98c32434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fa0a1d23d709334134b0578b23aa758b

SHA1
9e78f2db9eaf31d857a3d14d786e805ec54045a4

SHA256
d70ccea8c623b607ad1beb15e1349f8a4a25f497ce6561b10340f39a2684fc29

SHA512
f08ea9bbcbd5841b222377a683b7d4305d576f0d8489307b848fa190efb47f91c2862d5cbaa9b252c4be0029bb63ff675988893dbaadf608b115f92b93cb158e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
42f518e91578a6419cce415d317b9654

SHA1
ffb7ac7168a5cf0d2826e83cb6e90565f55a8b79

SHA256
8d537b0b13d8d083ed19b98e4776f324595d48e83e75834ceb8347117d44735f

SHA512
8a3811582cfdfb8438a372fd2368f9fcfdba0c66281819f881da740d25f1dcaee0fb8efb2f501e6bd39c97beecfa88bdda72f961b0dc5cd8200324597af907e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
3ed5ac9982fdd0f422263baccb7d89be

SHA1
65570ad7e186a52559dac74b094becd69a6ee453

SHA256
d9a56928bf9a4f66c71bbea52c58db10d888fc6532e16a385dc2f4a24bd912bd

SHA512
387bc9019ff5d1c20464cccbbacd8f551ea26182845cf9c4bb0ab69bc78920b9a8411875e2cf4d93e064d9b00321f6d6b5da3b6c2e2dde7a3500f056a8687b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56fb1e.TMP

Filesize
100KB

MD5
c09447691d91f9766c26029c2206b18e

SHA1
767abe000d5d7c4335005e5a7ca51f33d48868b0

SHA256
c64dc4209eda09c09a6f94081e3c659456b93fd9eb29607b9690e4f6de7ca811

SHA512
964e10c7a6ac86a68ad5f9ff7239bb872fda4b17bf66ba70c82f9f4ebdc3220b3f9728983e0786a10e5f5196ac242497e8f9f43b6a9d0b5b6b55065a14a146f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit