hxxps://r20[.]rs6[.]net/tn[.]jsp?f=0011s0LT_ZFYgzM_WLi4kKWE-eZTbTodjWpL1i3INl81L72E8E3L5D2XGpC2R-Qu_4SOLuSE8ujeGlANGLJXSdukO0BsqqzmAndZRM8DI0ir_J_fO6vLD9dxdNIkWF6lq5U_06-ZHuxHHGgLzIMSB30MM8DeELIDtYJJJYIvfRCO9oEndz5M9HvQg==&c=vunsj-6KFKSUA7FPXv-e7ZIOZ5e9rfngkMQTUJUwnmK7Ou1Td21irw==&ch=TK0hdOdAGGnxZMNQQnyRHQizUEf0NwZ2x_eBye-9kFeGizkJPRw9Mg==&__=ZWFyY2hlckB0aS5jb20=

Analysis

max time kernel
599s
max time network
593s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2023 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=0011s0LT_ZFYgzM_WLi4kKWE-eZTbTodjWpL1i3INl81L72E8E3L5D2XGpC2R-Qu_4SOLuSE8ujeGlANGLJXSdukO0BsqqzmAndZRM8DI0ir_J_fO6vLD9dxdNIkWF6lq5U_06-ZHuxHHGgLzIMSB30MM8DeELIDtYJJJYIvfRCO9oEndz5M9HvQg==&c=vunsj-6KFKSUA7FPXv-e7ZIOZ5e9rfngkMQTUJUwnmK7Ou1Td21irw==&ch=TK0hdOdAGGnxZMNQQnyRHQizUEf0NwZ2x_eBye-9kFeGizkJPRw9Mg==&__=ZWFyY2hlckB0aS5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336610159345463"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
1288	chrome.exe
1288	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 4564	4064	chrome.exe	25
PID 4064 wrote to memory of 4564	4064	chrome.exe	25
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3860	4064	chrome.exe	89
PID 4064 wrote to memory of 3916	4064	chrome.exe	90
PID 4064 wrote to memory of 3916	4064	chrome.exe	90
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91
PID 4064 wrote to memory of 5076	4064	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://r20.rs6.net/tn.jsp?f=0011s0LT_ZFYgzM_WLi4kKWE-eZTbTodjWpL1i3INl81L72E8E3L5D2XGpC2R-Qu_4SOLuSE8ujeGlANGLJXSdukO0BsqqzmAndZRM8DI0ir_J_fO6vLD9dxdNIkWF6lq5U_06-ZHuxHHGgLzIMSB30MM8DeELIDtYJJJYIvfRCO9oEndz5M9HvQg==&c=vunsj-6KFKSUA7FPXv-e7ZIOZ5e9rfngkMQTUJUwnmK7Ou1Td21irw==&ch=TK0hdOdAGGnxZMNQQnyRHQizUEf0NwZ2x_eBye-9kFeGizkJPRw9Mg==&__=ZWFyY2hlckB0aS5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfb589758,0x7ffcfb589768,0x7ffcfb589778
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3220 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3964 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3216 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4764 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4656 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3408 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5452 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4764 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5436 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 --field-trial-handle=1932,i,11931064283768535406,12402527261512463481,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
a42c6333a13e5376af95f46fd9c7b627

SHA1
57a98e519a44915e39a0cb6f23812adfa6611e67

SHA256
62bff9dd0379da44f9d7f739af671bb6b243c016b49c7146b431ae9e6b9cb41b

SHA512
68e511708465c75662845c55169de20572adfb359e1f4fd037c169bda44d853fdc622794912406b1908b585c3965d4a8612c007af9ca2601dacd4a14283fc894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\76bc647d238a4bc0_0

Filesize
288KB

MD5
9de9a66d55ccf77feb32d63a12b9a23c

SHA1
7247cb0475289c4c549b8a0a0c21528fe7bbc4a2

SHA256
8ec86c1ec9ac62a474eb26ae313cbe8128e4208421618e198467b55f16447751

SHA512
b432d919289f9a154c444139f5b0ab58a0fc03843a0a9c700617dbca67f918b8ecdcb88fc1fd829a302401755d1174b47598c35cab0cd61d076583143880913c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f7e72f90e6cb5f74_0

Filesize
289B

MD5
e69fd0f663cc68dc9d94933acef5d9e2

SHA1
479c68595834edf23a5bc2835973aed478f2e2d6

SHA256
31e24f3e960d1b63b14223350dbc6bb3e12e6691ac24f55c0c4627ed468cec11

SHA512
9e702fc5882c61588716972ce167485d93680bc625316d2c35c5983816f08134b34d0edbf4ae196eb520d06010bd0d3f74bb4713ce451fcf9b3f80fbfbb62698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
68d606d13dda103f7a5876ae8111f230

SHA1
8ac8a2c7c0470cdec1355880efc75d82a0c01115

SHA256
ffa0379594e8c9342cb580747078a8203c39c7ef0585ad8e18e3e0cba0df708c

SHA512
586e55c2406b8e18c8b58562e0184868dc4f8a8d50688544394ba4ac743c9a54586f635c2075f8689dc341790c3a186a0354b460984058b95990b5d1ee019aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
78eee013948a26933fa29698a752d06a

SHA1
fd79545df8acaeabe2e0665922fbaaf332e347ac

SHA256
8b0afade106747d98b6d2317291052f676185dcd96bb21845f9546105afba2cd

SHA512
1c6a0a84799684a1bd07546ae51a2b50e196810b519670127271b929169fdffa22547941a2bd1b5477324b1b96eb3386281ed8884f7295e743c429eab6826833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7bbf175ac6d0bed9dbb0290e7ddb18bc

SHA1
4546d7830cbdf0e95062cd3b44b36b8962927eb2

SHA256
1c77f99b079446d133a40784a2fabe23c97b88c7b902c4669dcaa475c7f23b83

SHA512
fb9d71a1a5097793d4845213f11c338278a9435199ac0284e94e365026e2d7a7fe3de936f2365e48ba9cea387bd0a1ad2eea6d70a4936d7db216e3ac2fc12be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
c7eca9d0bdc97e10dd85edae7398c54c

SHA1
556f0cfb0593e3c87876247f8efe57612609cd39

SHA256
fbe2862592e128e29c5b04fcd8346178813e0cb74c2c0dec8fa8fd43835ca478

SHA512
ae2def61cb0d012c44b5975407209d7ccb0002d8ad51787f6dd3cc09fc75ec42005fcc93c034587c490f7821f90aeafdc90584ecdb9fd5fe96ed2912fe6f8359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a5c9dea0705ba06aa35eb8a54645ecb

SHA1
ed137e60c89ee0271f70c6209e636d59db1e2b82

SHA256
95af51376e6aeae12806f8f53e3c49f1a79e088ea72666d361c1a3f21457f28f

SHA512
6c63845cd11b557cc10bc4fbc4a6d87a0d9267ebbc922bc22541ff63f866155527eac3d0a21d6b4c34697cbb0144ad81978e25c848201fecac0ea162d0112baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2012b9500c209e501a1ac6f8ae8135e

SHA1
e74a17b1063319b2250bfe43cf54ab79a4f8e542

SHA256
340fb4c949ceb5e41b88e02e23b0392611f8b32e9ec7fad91237bdf4a662f77b

SHA512
230358de7617670ad2b23ef02a799b2bd481028ff5a729c258aa1c62e2a924bd509f735939f86babf381f9886d3c35750abb6b26125cf74c0b0165d98046157e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d28778f450d56666ae5e6d78dd05bfac

SHA1
c7bd20f54b2d251fa3fbebcdcb7bddb667e3edc1

SHA256
d3446ee253bbf038d627f45e9f43504b7f8b55287fbb8de7c2a4f334588aabd2

SHA512
c119dec5d57e8272f69290e6ea8bed3aea0e88aa7cf8346a5fd0d05e9185f3bc24d1518e9b6015ea92814c492f6be9feff7d81e6986bce6bd9f86d0034733d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
79db0335a22730b7d7964e4f06b19ac8

SHA1
f567c83b44b63ea65301da3dce1c1e7b994916df

SHA256
b298fe8dd3a3d80061a7c2a34072ffb97841b8cbcb7c56028af99efc6694fc0b

SHA512
520df23517476031cf94bbd60e5002fa7e7c3ab5572af12ffabd84b463160cd62af1808d4d5e078a48fe27a10cb53bd8e37c9aa62f07ed154bbf72326d159fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
8d96846000f8f8eb95dc3a49f8d3cf0d

SHA1
3355d6ca08c564ebaee29be5c7262af4c0001f70

SHA256
26cf3b40b3269f5e0181f92721ca1ec28a2c664664bd4ad7fb2bb12cdad4fcf2

SHA512
5af9a90ac52939e17b45f76939a03db4682ee278ab4ec8f40dee21847da56fe7649cf7fa54fcca5b04c32492101a29945bdae0f517a927c91bad3be577fe9393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
219KB

MD5
23079a11f2bc896183b12d3444066884

SHA1
19e87a7bb04e3f6ac5001c9666fe6dbcd5493fae

SHA256
d2b5302fefaa5d9b1f74e3e91e737090a0415ff8db7ffb6839429911adaaa6a1

SHA512
6f3c3888e3194c2c8656f71e7fd48421154add927fd639d401f994f05c9ca7c4657be8b83841f82f00b462b207bb928cdefd11267bb97cd134154c68f16f285f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
68b87ecf4a1e675520c54f80b2228c5d

SHA1
16da252c63bf6cf56369817d487efc05a1334f36

SHA256
3cc6d6d0c2da39d0a6d9ac2264c947f7fec35f4e8fdb4e5341e4fc544165e987

SHA512
f76fcb62d8d23b84f552d2df08e1739da5690224e9cc468503428ae89811e02c0d9cd968eb018493cebed62a04d45ada1c14e15e3692622b1207a0f78d3df185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit