hxxp://R4ohLrzAv67FQ4hNT7i4XwD0T6v5pO3eNlcXkK8t5CbOfayVmdO0y0nTbys68QiiJ3A0iBTl9oQ4rmc0CuD3Kc8N0zEze4V3H8syLQW

Analysis

max time kernel
599s
max time network
586s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2023, 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://R4ohLrzAv67FQ4hNT7i4XwD0T6v5pO3eNlcXkK8t5CbOfayVmdO0y0nTbys68QiiJ3A0iBTl9oQ4rmc0CuD3Kc8N0zEze4V3H8syLQW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133410672042815833"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 1672	3504	chrome.exe	71
PID 3504 wrote to memory of 1672	3504	chrome.exe	71
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 3220	3504	chrome.exe	74
PID 3504 wrote to memory of 4792	3504	chrome.exe	73
PID 3504 wrote to memory of 4792	3504	chrome.exe	73
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75
PID 3504 wrote to memory of 4968	3504	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://R4ohLrzAv67FQ4hNT7i4XwD0T6v5pO3eNlcXkK8t5CbOfayVmdO0y0nTbys68QiiJ3A0iBTl9oQ4rmc0CuD3Kc8N0zEze4V3H8syLQW
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffccc469758,0x7ffccc469768,0x7ffccc469778
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=252 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2592 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2584 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3764 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2988 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3836 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4040 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2308 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4624 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4968 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4936 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5240 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5268 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5764 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5896 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6016 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5604 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5608 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4704 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5832 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6008 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5712 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6292 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 --field-trial-handle=1792,i,205038304110990664,17943962026639168490,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8c62862ca14a8b65a584222347456aa1

SHA1
7808e82d2b5849f86ff32e772ba250fa29967612

SHA256
6a23773133267c57ca790ef3abe263b987fab5163af5d3227a8237400d88d56f

SHA512
30c75bfaea6cedb0236fb90a1f2cd45f42a7378a58adb24c75227dcc67c595891ed674cb18dffaba357c67b15a3b2720e784b7e29a3153524c6e225a35f87ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8d1ef75efda9f94ec5286456c87b0fc1

SHA1
a4d170b635e7105801553996afe8b21e62ff5c98

SHA256
9af0c90f79aee0a3f1f584209b72d503425fcc339fb532fd4e3061ac1c8b7e2c

SHA512
b3b51d5c878f38e979654801ee149e3ec1dacf18c47882333cfc52da1123be2e3d031302ff81904d257126663639fa1175a285615bafb46fc2945ae79cad32e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5edd17a18dff2b2c755b0789a31e4bd9

SHA1
9c94b9c194b3499fb4227c6c446a2703d1fa357f

SHA256
21905e8e3ce2517f12e54a7ae21778183b0d83e6965419685e16a8f5e790087e

SHA512
02d39d279048dea4784c9b00418c730a59e5a3bfbb07ce0633012a2ccb7846d183ed5b34c08a7d35f2644ea31c0d76f905d94b108fce7599a817554d4b6c588c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
06f473687e7983588c07b763bec69fa9

SHA1
fa85c3dcab2e91b1df6253c750f0bc52f1b6b9c7

SHA256
eda5be1ca875b4a5f56b21eeacd2f1a7905f878556de49f3d571db738f4b3911

SHA512
ac60f54eb9d37324fc0ea1d673ece779ff89b33a316d15c3cada02423ad6809955f310ad50b97db40ab15a008c15ee7890746fe82ea3ecde4be6099f4324f703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0692c527cfbd64f4dff0326c5c5ae447

SHA1
1ea926586d53d99bcd2516621b0d79410a5daea0

SHA256
e5cc367f4f2377ceb1c55091cabe3b38895cb1602a27fc375be11bd942d0da69

SHA512
95559cabb4bd84e9dacfc6f3429d9782fd4342dc8e43bc473ff8c523929fec52df420a1e6a38f4382e057a1372922404674e2a7d9bfdce107464a56a7c0f3c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50f8f6a18d08f1b59b48f944b9bdaf16

SHA1
beab5b8bd817fa82230e43794ba673029429329e

SHA256
3495de3f9fb41d462b2a25a0a02b16adc7890a40e86bb2b38f8791eab6d4a007

SHA512
bcda5007d5cce35ffbbe5f424f2cbf6e60fb7eac1041706ba6f222891887aeada8588cba644b64a0b9366c75facdbd0515b33c68d72638386c22f5e22c53b8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02e7da6f13834723281ad95f0307c39e

SHA1
3f47dea99187c3f80f7593556df1d80e8cac1bca

SHA256
14bf92c62c21078b58c810837a49f3bc9a207ed9fc951f1d986d20141038b01e

SHA512
a5601dc49830b3fa7cb483256dce967ce68da9565c8f5340cd1b75c76cad0ced6fbb2a353c89d38ef5afa884e4d060c09ca40d1557340913c51b5b303ba4d081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6f6bb3e9ec8b4719c306ffd9b7d8aeda

SHA1
926157111950da52b8a114a0cdd8228b3c02287f

SHA256
977e00e566e267daa9cb8b9e92c680997bdf4e556dd118d2a67076651d4ba027

SHA512
485cd73c63126623157645b07613914a268362cc6c1fa1327b2a911e6450d3c4333a256dca0da3d703ee51f62d7e3faf5a0280495ca85f664df4e43800ad5dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
615fa679a1d16d73a628caf290967844

SHA1
e5a4570fb035594394f883fdbfc158f8305ac634

SHA256
4035b7d4d778b853f02c3ad94b3a18a4e40350fb0e423c02be239b3b25390b13

SHA512
490797e63130ee96b374abe78b42e8dd9c2827f4a7e2b27cf9b22efcabc3ad5b814d7c7f9cfc3335b90f210d3b26348829c38a54bf586360da2b4d82fd595d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bbd7561702c008820088845f60b0b4db

SHA1
1701c3d42c3cad93550e1fc12f319d127623dd21

SHA256
038129b271639dc332a91a535eedc69ecd1bf19cb86a681213fc09789041522f

SHA512
3d2da7e7f446566b2f473dfa57eed4b6cd18b5eced2577cab4e18a1f1b0dcdff890414730ac336f111bb4338e21d6870385dc1f5a169acfecad1a24cd0fec33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5cbc108b89302e9c83b1097b292546e6

SHA1
beb8500a1f09f3361971009513cac10ee3c8da32

SHA256
6249f41fc86b2ae69b4556e2c683997569757a96e7f28d1034acab2ddc016ebf

SHA512
abc5280f4cb6a4156ad352bedfccd33ae24eba1eeccc1e3e0b16a589194fa62f9463ec4a2887616cea2d5b59214b190266c88db7a0a1bc0f17b2a4e54d597839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8b49e39e439a952ce48a064d32de0f9

SHA1
bb2d6711cc54260e0fe65ed82958d3db3c9122b0

SHA256
ed1a4e5d46a0fc19e078657805c70ed828cd7ff88fde8c09f91ee10575f855f7

SHA512
cf0039fd29ffa48b8e5d692313be5dc778c5bc38fb52d3ed88b4a664954974ec4ee02009662efc636a6fde9136acac808d577fdd39b262f8d254b39b3d77405b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
314dec8957e78da06381f80f0b680a95

SHA1
5b40a99111ebdf15fe7b9e084dbd979d16479ea9

SHA256
01762d2be4de622d01337226ab54c4306b062b42e09ee2715c975ab2251755eb

SHA512
21bda0f0e13019c486c3e91d38c0dc1f95204cda9e6be80df1d717e3a41da246869392a893561f515e42c0cc02c0f183d0d156e2535d12dcaae45f5daefb0f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
0749c6fa0154c6d1f5ffad3e699a3447

SHA1
9d3b68b76801aad9c5d8e1d70f5fe3161a6743bf

SHA256
585f9e887330b9d661ed60b4b2e8c488827a8eefde4002a6d0b20eac89cad984

SHA512
fd403f087b19c4cdc7e6175a31ebe45f448bf584214a5b3ca7fd98021571d144b479c7daa89b334d3d414af7efb08c356e0a8c298685d34c2c778fb769a67a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
043bb52b18fa20f505cc18ab7c2c9539

SHA1
4ddc2f4153893ef9d37b9844335128d42f05c0b8

SHA256
0f393732bdfeb95421ccc7e43d617cd7cb52c8ea8448ddb4ba4696bb48c680f1

SHA512
b12340c809121a58eb528588ebecb198d85c1dbde17236dca27f6b1f81a519725b60582bec5fd64171c47fbd65a46aa0af92795ad5c1c051b4b9a4afd64b3f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
89f3076798d16b4ba23bd9be49faa555

SHA1
0753190ab73e09d6e3497fc51f526e90e6954cf0

SHA256
ea66dc6417ecd8dee3a4ce37955bfcd24481176b2256c8397fa0086386f308b9

SHA512
622fc7d79b5eeb8646c996ee7f1ee731efb69609ffa0025ded726301ea2777880edee9fdddf5dcfd398cae125d8a2c58d091509d3d8fe8260a9550c013bab254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
04a06419accc9c206350ef8e7cb9f3d7

SHA1
2c801879ebf2c3132c355b9ea675dbd0ba1fc8c7

SHA256
0c5fd5d3785c2cdb5c83bc08d69720a428ab0dbc6c0efe0fa2144df0121f077b

SHA512
711637416780ff6334452ffcd6e0e44842aadde9fa00ccedd377ec2f82b9c479aca6ca2867cd0477573e9bf56856fe0f33669ea46123190a54977e44b826e77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e395.TMP

Filesize
92KB

MD5
026dc47baac9ceb58881596ce8b60ba5

SHA1
bc8d23ce7e3d5cf7531c860ad9aec640057dd823

SHA256
2356fd87e153355484fcbb0b3686f3b61f102a0ef85a2871a46c53fb4682bca0

SHA512
49213dc638c14510ff82b3ccee35f9d4d0631b46ab47ffa4946fdf19d503763d962abc8ed7950b0d02ba16b1ced7227501f10793b2adad7a90a6867803e76652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit