hxxps://free[.]rustche[.]at/

Resubmissions

03/10/2023, 23:35

231003-3k8j2shh43 1

21/09/2023, 02:22

230921-ctvrfaec72 1

21/09/2023, 02:15

230921-cpz6csec32 1

Analysis

max time kernel
277s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://free.rustche.at/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408497441008611"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
5368	chrome.exe
5368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 1796	4136	chrome.exe	34
PID 4136 wrote to memory of 1796	4136	chrome.exe	34
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4048	4136	chrome.exe	88
PID 4136 wrote to memory of 4448	4136	chrome.exe	87
PID 4136 wrote to memory of 4448	4136	chrome.exe	87
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89
PID 4136 wrote to memory of 4644	4136	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://free.rustche.at/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2fbc9758,0x7ffa2fbc9768,0x7ffa2fbc9778
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3940 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4584 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5584 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5652 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5320 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5092 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3208 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5904 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6060 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5372 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4800 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=884 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4788 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5980 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1868,i,6790298586004942183,14282878731459123451,131072 /prefetch:8
  2⤵
  PID:1636

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
a58060d9a4c66217c766eb1af472d482

SHA1
5740916b3cc4e1c6ea163865ced8f4b756f8de85

SHA256
982cc2f60d4d1844815b5badb63ff90d590126d2fee5dcfdf3b463fae4b13e4e

SHA512
aa69de1896df2e6f5ecc351efb8df20b653e14e9f7e9392b05d1ffd647cdbe2169ed2a9125c76a33a93e5a83c1f623d486ad282d33aa7f64a81632605ac39f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
363KB

MD5
f095fd3e77c5f5a1c72e8a726fe93011

SHA1
e89816026d5232c9a9b2b9a2df7a7edf2b29c9fe

SHA256
3f2cbe61c0a84b3b20dcdc8933686c0ca558db444baf701621d6fe0b49abd77e

SHA512
6d3b9dd5457cd1b7331661a698993cdd921e6822cb6126e014f995e0b546912a319600a8a46506b5896e6d8d7ba7fbd83ef65296d671a65b843dc0ceeede5ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
81KB

MD5
971fa1e83226c81f2b52021a4bc80664

SHA1
4723ced7c615ad86685bfbd68aa64bbf5696ed3c

SHA256
9c7ad646c4b797ed695eaeab70562f12dd4e0168c98900e03e30b65ad6e8a10d

SHA512
a43ed900a1f2f65e1da5f9acf7de702e12c2ab157f5442b174e83b5d9712cc23afe4c031a6bbadbe8dd2b5a07340fa5c11783fa95a613daa1cccf3c330835668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
2.9MB

MD5
8fe1b43957a3f79f12c90abbfa0f09d2

SHA1
1bebdbf0a8ff527c112317dfc62ae8216bef827a

SHA256
00718df22ef9ba57f5323cac38de601b47013c1b9cc464e27a3ddffe546e31d3

SHA512
6699dae763839546885e95558f55e653443001fcdb421ad452f3b878fb80fafe920bb9c83cf755cff1c9cf85803b41b7938309941cdbaaef756f387b6f1fba43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ea6902d9f631e2f4df9fa33bb0dd8154

SHA1
302b37a33cffc0639a26e705f63a75a768c81e85

SHA256
2b5062b5e35938c4a813b07f6393cddf70e48d623bf28f8c6331412f6b3b1390

SHA512
2e4299854c792dc8d71c2c5c0101058bc0512be4d56c113517b27a36e6f99a0e7b5df07d42507aac06b5bfd88d564f15c4b541a29334059ee47ae037d2eed63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee719b19393446e610998009bad8212b

SHA1
915b4b938dd66062d4134db261343f851ace5670

SHA256
e23ef6e501d2ae306c85792b59a2b769cd34b42b2addc0b069ab5355a32b8b39

SHA512
b88d75921f1d3a0466a073f8c80fcc734e9b826e1360238bf8ef5089f9c77eba35ff3415dd292bc2c4852232f8f6a85451cb11dcbe2d1ca4f93b537953c783f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f9317f7267b0b50647757256cda5f49e

SHA1
cffd4016b3ebb5b2f823603d0d473ad96e8ec255

SHA256
ed96c19cffad75de43faa25238cd0b21b0c582a13e8b8f04f6acc3d721b36995

SHA512
99f71c82268c41e49d6f71dad0b31e8b6929c758e8334e01adb2358063e5f4602c51286a3be0f23f5dc188fe284d319fbc8d731c8c36b812c92b890d041b3cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3d97c78c4e4499ebf070ef984879aa2f

SHA1
c6484b86f33a180c0a4e8bae4e648ffe1417818d

SHA256
5d4c03a6bcb125d0e0cda097768420a6ed69f83abfde8a59dd0f7f9630372737

SHA512
87f6952999a7157d938fcc3e22f431cd0b04c7e378890a97822b893be3a91a83648fe2152985905c9f8b3f95bae017cce4741faf9297945f2f81a3de2c56b1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7e7397c8b453e9ff2eaf5ae19980a7b6

SHA1
c91a435c6967c8398c7e6600b3e2abaed20433b6

SHA256
0fdd997b580444e9b89b51a5190004d94339ff6279cd2a60c34fab6bbb443a49

SHA512
0fa84580400210f385401a3ff712c5107fd6c28ef013b7ffb27e16a5c7c18e2ae33f576ca52ebbd91084e24bd35b14ed8a58833c4c82c01ece764e869b49b052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e81982c0bbeafbe1b33f22132403d0cd

SHA1
53dcbac0d829d379b8f7051fe2ccce498cde9f79

SHA256
d23ada32c46c648809a17ce4e6a5b053d665391d706fa74347e71adbf18a88eb

SHA512
8abe11626cca495a0b354fe935b796da5a7fdabda56b4bb3f2e1f8d1f157b2d1c8cfcf20cc050089a0e55cdeec802ca39406a8e0663034acbdf9bad9ec2cecd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64bf7e73888fe459c788520fe44264d5

SHA1
92d1fe7834720cfe1fbec046766c674824bac0a0

SHA256
c37faa15d641e13eb3b205fc6b9c3fb9b5904d68347b9a976088a3a9b7a478a4

SHA512
5079575d2c298ecc0629697b17a48cd98adb20b4b3e50f2d4efe2772c964c3c6cb8edd537fab8363f44b26f3a8d66687de0077278a1deacc2cedebb4c44e12c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce09003ba7eabfe6941a3dccb4f35787

SHA1
5472001559ab949e27ff76aa26b2b2f0fe9aa414

SHA256
6ff532e17c62616d1bfdad3bf54f3dff5f089af12780306871f008deb06bea68

SHA512
ddcbaca7162a4f2599a1c67048b2dcf45924e0c779d5d702a460f1e2df4ed1773bad000c2d59477160600d92a3eae4692ee7872e6974264cdbae2a503cb8cefd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c522db7cb53bb04a3e2a2d5b5eebdc24

SHA1
53c0ee6d738f3a62d683505f2703c6aafbf7cbc6

SHA256
64a08eb315076f0dfa4ede3c18d1c728252f55f6082ba30e70c1f7318b7eefcc

SHA512
6109ab02cd4ab4316306114df67f1241487958ecaed73604ceb1060c1f3c554cc55dc9571bc47f3de9275136912461765d12890768a3b8a10fa02aeaf7eef9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
606a145c4ef907ee967fc3d9052f0555

SHA1
b4f1de8039820ca5d01278b91673c5a8cd48ca5a

SHA256
6288a5b3e4a58b09d4ef3b691b90ecabad782d176d3f34d55dda29702a8b8885

SHA512
42977ed53b441d592ce1704295cae1ed1755b3cfb0bff1ccad38607f4ce1e93d65cbd9dbda74c87b6ad39f62008c11a6495274e9add4aeac051a642e6189ee6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
04f06853d4a3e514c7ddd9ee44e02d99

SHA1
9e963944631191a863de6b727a705ba93be0a2d3

SHA256
518880b68557cc18a4ab1850f0f8889c2d6f024c45999679913a305d08324dcf

SHA512
30cba1887d622958341266af35428b525058c87079c364419cb814108cc249c7ae11fcd91289202a3cdc88992279deec6d3329f6f104881c35fa36c98caba949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
efbc0e2cce82cce6314d90ed2083193b

SHA1
515babfd7356a63ebc50e3cda54f7aa26abb1bfd

SHA256
ac12aeca72c7d3d974dc4c5f6a41e5c101e9b9dff48930021e07d2b4af49647e

SHA512
b85e518e61c98fbc7c5ab63ae4bd1b97fe755bd0cf9116cf70ebe03d170e294f5e64766e38e1a27609200c1e3cfdf875f6a812bf66ba8c5ace4323e9da33af39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b0c683a91b7b46c145b1e09d02ebbc7

SHA1
4f830d432d8db993c315fb36418393a7401bf9cc

SHA256
3a1396d594664e364f7f733002b8e4fe9b70302fd7a282e9b551c9c609bdba18

SHA512
7663eadeb8d8d3a7ecd8a47a89dcc8b1ca8140f68ac8a48a534de5f59624111354a2e0f30b244c64c0a1eb95baea1320931783c976556ab69362824d0dd061b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
310d821e1325cb0c2e7e28c59be164f2

SHA1
2afdac48432c93c370bc2a082a06cb8e3915feea

SHA256
a01a9de8650c6547cebd59f295f93e174772c91cdf852f567d5a682c2c7589f4

SHA512
2e649119f1182aa1531e608dbe586337c55e01102f2d139f56e78af33b6ec7993043e459cfc9b5c82886020c6b8343964a32c3bee971264cd6cd232e07f54387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
587f43056311090236636d92f06bd8f7

SHA1
d890793c0a6ad09b74f199978fa8d03ef70b80cb

SHA256
70fa6815c45fd52e7acaf1e89083f24cfacbc1ef9f9b88e1d8b96b3a1513f670

SHA512
9970e10213b4095b2025f0cadb3ad01ca2f55584d2eb47da76ac1407cf9e8b5f8f39a4ea9cf12476c36a86490efb51037769d5e57f064036cf638d7310155f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
91bb72264d5262ee9996c2456f91a63e

SHA1
48abc65f46ab4e35950afc1dc2b1b062a2dbdb8d

SHA256
dac76406b19da7e11b4f4e4a82990f60be48da018f93e15fe72036a53dca62db

SHA512
45e134404c3752de870fbe7c5bf335d7ac24e6995e63f239c16dc107f6c702054b1ea60aa80c578e28589945cebec102b8011542c233171cd9ecd109c9d7f487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c342ffabb77f5db0b7ff59828a3838e6

SHA1
a0f83683c40f8050446ebad11bc1622153ed838a

SHA256
fea60c7ff6ebafb35702dfddc2989917cd9c9174e692334fb87bd30ebb908c46

SHA512
03eb285ade48c7b875b31080fe97e8bbad6d970be468d2c60e24547990c4e5ff60948e3ab0d34a1abcd4e1694003f1b67a3f2595c60a7395e627f8154cc4b7aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae28d90053bf75cd9eac008af02c5a07

SHA1
0329a266d96c0376d40892706e49e552025ae4b4

SHA256
266a2c29c1acb081b9631b19ee928448205a5a91043d196b2d53b0b6dfe33d02

SHA512
774c774f61dac2295d49bed9284fe6bf15846634b2f40e9f14104572ccc420c7f4abf82dee1b930ca4cda67c7848bcc5346c3bf471934939cf8efed442dae40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
487b1b726f4b990823b123e8547873f8

SHA1
21afd9459d96b39dda4b1b9d3705c18660dc0174

SHA256
5f2f801b54b2826adb68c44b89e9e0c4de25186109b2637fe34e2c753381d7a5

SHA512
04378d2ff44787093b10cc0ef29c1975ad49b63e8f326fe5ab079d30f5affddbd7b046fe834fd65411ad093ee4696227a700f4a474d6a3b3c95cf69522d2f8b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
d64e688ead90ab0e5a06ad50de98e0da

SHA1
7ecfc6bb85dcc63cbd7397acb49a973abb8ef95f

SHA256
e086a18bbbfb29c7fac1573caa0c76e2f6fdc6af8513ce384a03eabcb482ceff

SHA512
a44c5727021e20832a632ba83a0a8173301a3104aba39681212a10b4fc5efc0a5a9c62d644003b778ebe13d010e2f2e665adbf14e09d3c244b51735277fac6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e281f43a67e4bb9909484e0de75dd9e6

SHA1
a4ec1a60914ea96de5954e8381b3b399517d2c72

SHA256
7fe1ec9f694794fb35719aada04ced4178bc5b574aa35d03fef8face3b0d622e

SHA512
bd36da8e386a196ec9a38cdb0ec7aac07e58e61adbc8c291ddb74112641571531851455273cb381d64e96ff86d1bd0bfd5e3f858a81187b7275baf7c7d222eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
21fee944d3e3e5af17fd6250edac3bf1

SHA1
c1f6803fd7bc9fa553d1913c79ab108d407b227b

SHA256
9eca9eb3e77c774af28af96bc45b474d4f92ce3870f81a975bf11a66a5149e06

SHA512
0ed2b08b20bf998874894a354bdb52b87dcb762bc031e90e24fb6b32781ee17ed403e4571c3bc2f8564b7477ae63bc56e5df848c1646d58134cebde8b506bd90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
d11b39d10f34d7e24a0023e21c6a6561

SHA1
63094186e4c92a57bb2408ac1a566192bab247d1

SHA256
8e56db2185a5b5d89fcdeb444fb895afd3ac458e26e57d9f13a88cbda2826db0

SHA512
45981dde5a40e9bc8f784cff0244b3cf96b0bcc650eb3aabb00ba8ccca0d7db7a7a073dc9a769c2e11a51f38fad52ad0f6d04bb007448b886544bd26ec628b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
0ed170e08bc75e74740430a5bb0f83d3

SHA1
29c5e3166ded02e7efe207f154a239209c6259f0

SHA256
ab9028091d4d49be474a279ac913e00ab088ea3ecda641ab445fef847ef56199

SHA512
8d35705e3ae2b39b93afc95931985c2f20c33d79e6f0bc02720eed2004db94b222f282dc8042d1450d67acdc0e2dbf93f25827f7887c87c40661a29d8ed2bfa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586685.TMP

Filesize
104KB

MD5
004a411fbeba9d1766f26395b434a313

SHA1
3149a45c96da53a136b1d5cce1fb76386b879602

SHA256
57048bde0323842a21f328f91af5600388cd689cd3fb0cb9ba856110c373a591

SHA512
69b387ac80f73a73399380b56efc1a2733e5f68a133544e9539d77293bd10746c92f99fafad622b87fbe9dc6f9a4774e500650ce9af0f8f8a9fa78306f0f2aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit