hxxp://click[.]zapnito[.]com/ls/click?upn=mbbl8gakAq4cdTKnsWmARJHOHaNBpTho622sSsq0NTFDP-2Bqtt17gcVFVzCnNdTRC6OJNqBWiOFjF5v-2BtszXwdnXlp6eiR02RHLN5aPG29p8-2BY1WYqm0XUwozMIN6phdev2Hgvvi7CKiCrseF8Nay-2BovDTnTyaWHig6ME7Xw4-2B6hr2Zv8epd2iG869Mx0H89-2BqOVgMpzLI-2BEANjI6aoRXaA27JVPHuS7Pnoz-2F6AbzccU-3DIOVf_9GHvrPH8PmisUGEdK1wYnH1mo5Pi6F5BnYjnmzqmoNwAbMOS8fFNYReJmy2lnadU3yZFT-2FHWElb9cf4vgog6Uiy5PTT8tof6-2F7GJuR2rrtoDmYERzTm9tvnPfMEEYxbPrwA7tMcX64W643PDJ5De7wtPFokpnFZGOj0BCStxaCsvg1NVF3MUncYBgSisuElrmmGYXTR0IKfnERAjXSZV0hfD-2FdrbZxK4c7bjREFIyioltfKUyM6jzMh4NSOnw1a0PcsuaJiP6OsuYa-2BalJPhsspPnQCOk3-2FnunpJq-2Fy6SZMFyhnvkSW2itFqH9B9AVoD3A98vUPjhOizVKHcJerYfdH0O2mmU3DPFtVRs1KJuS7OvVVKNVoq8BTAmB7xVKtNcQ7fm2H2aY-2FZElegdx5f5vywQDwcuk7uhRI3SsHXCFiYogQmOL-2B-2F3LOIebMFq77SgCq7oY9ACoDiisk8Y8Et17JJyEGLCYc9JnHyJhps7mPpp19-2FR84ED2h-2FCeAsVWvlZDMl5Hcueulc1cpfq-2FdpQBKDOYH1SsV7gX-2BULUebLls-3D

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://click.zapnito.com/ls/click?upn=mbbl8gakAq4cdTKnsWmARJHOHaNBpTho622sSsq0NTFDP-2Bqtt17gcVFVzCnNdTRC6OJNqBWiOFjF5v-2BtszXwdnXlp6eiR02RHLN5aPG29p8-2BY1WYqm0XUwozMIN6phdev2Hgvvi7CKiCrseF8Nay-2BovDTnTyaWHig6ME7Xw4-2B6hr2Zv8epd2iG869Mx0H89-2BqOVgMpzLI-2BEANjI6aoRXaA27JVPHuS7Pnoz-2F6AbzccU-3DIOVf_9GHvrPH8PmisUGEdK1wYnH1mo5Pi6F5BnYjnmzqmoNwAbMOS8fFNYReJmy2lnadU3yZFT-2FHWElb9cf4vgog6Uiy5PTT8tof6-2F7GJuR2rrtoDmYERzTm9tvnPfMEEYxbPrwA7tMcX64W643PDJ5De7wtPFokpnFZGOj0BCStxaCsvg1NVF3MUncYBgSisuElrmmGYXTR0IKfnERAjXSZV0hfD-2FdrbZxK4c7bjREFIyioltfKUyM6jzMh4NSOnw1a0PcsuaJiP6OsuYa-2BalJPhsspPnQCOk3-2FnunpJq-2Fy6SZMFyhnvkSW2itFqH9B9AVoD3A98vUPjhOizVKHcJerYfdH0O2mmU3DPFtVRs1KJuS7OvVVKNVoq8BTAmB7xVKtNcQ7fm2H2aY-2FZElegdx5f5vywQDwcuk7uhRI3SsHXCFiYogQmOL-2B-2F3LOIebMFq77SgCq7oY9ACoDiisk8Y8Et17JJyEGLCYc9JnHyJhps7mPpp19-2FR84ED2h-2FCeAsVWvlZDMl5Hcueulc1cpfq-2FdpQBKDOYH1SsV7gX-2BULUebLls-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133416761379068242"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1056 chrome.exe
1056 chrome.exe
1056 chrome.exe
1056 chrome.exe
4432 chrome.exe
4432 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1056 chrome.exe
1056 chrome.exe
1056 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1056 wrote to memory of 4436	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 4436	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3288	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 4536	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 4536	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2868	1056	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://click.zapnito.com/ls/click?upn=mbbl8gakAq4cdTKnsWmARJHOHaNBpTho622sSsq0NTFDP-2Bqtt17gcVFVzCnNdTRC6OJNqBWiOFjF5v-2BtszXwdnXlp6eiR02RHLN5aPG29p8-2BY1WYqm0XUwozMIN6phdev2Hgvvi7CKiCrseF8Nay-2BovDTnTyaWHig6ME7Xw4-2B6hr2Zv8epd2iG869Mx0H89-2BqOVgMpzLI-2BEANjI6aoRXaA27JVPHuS7Pnoz-2F6AbzccU-3DIOVf_9GHvrPH8PmisUGEdK1wYnH1mo5Pi6F5BnYjnmzqmoNwAbMOS8fFNYReJmy2lnadU3yZFT-2FHWElb9cf4vgog6Uiy5PTT8tof6-2F7GJuR2rrtoDmYERzTm9tvnPfMEEYxbPrwA7tMcX64W643PDJ5De7wtPFokpnFZGOj0BCStxaCsvg1NVF3MUncYBgSisuElrmmGYXTR0IKfnERAjXSZV0hfD-2FdrbZxK4c7bjREFIyioltfKUyM6jzMh4NSOnw1a0PcsuaJiP6OsuYa-2BalJPhsspPnQCOk3-2FnunpJq-2Fy6SZMFyhnvkSW2itFqH9B9AVoD3A98vUPjhOizVKHcJerYfdH0O2mmU3DPFtVRs1KJuS7OvVVKNVoq8BTAmB7xVKtNcQ7fm2H2aY-2FZElegdx5f5vywQDwcuk7uhRI3SsHXCFiYogQmOL-2B-2F3LOIebMFq77SgCq7oY9ACoDiisk8Y8Et17JJyEGLCYc9JnHyJhps7mPpp19-2FR84ED2h-2FCeAsVWvlZDMl5Hcueulc1cpfq-2FdpQBKDOYH1SsV7gX-2BULUebLls-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa86f99758,0x7ffa86f99768,0x7ffa86f99778
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:2
2⤵
PID:3288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:8
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:1
2⤵
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:1
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:1
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:8
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:8
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:8
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4544 --field-trial-handle=1892,i,2261572285187322710,9693489679203730775,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
dfa7325872660c2fea882c3915dd0cfb

SHA1
2318d44e8f7a5e8db080e964fe6166404c8557e0

SHA256
fdf98aecc0271127d65ac50f59c9b6b19e93c4d30bb410ba82b986ea6b05acf0

SHA512
61809dcfd977b40634b16688efc662f9cb2db1ba1e7687240d5005249d5d7b1e1582c6736129a8a6c1232ccf9b150b0f56e4d4850b41b30bc456ae583a09b568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
908d3a7e00dfa881560665bdb364ac06

SHA1
6fb8b0e232788aebae683f9f9eaae1566378dee8

SHA256
d240b1d487f5807c5033dbb117a662aa476579127d61f3cb475d5935251e21dd

SHA512
c5c289076798f6034d999e753f3704e53118c974e707d761aa502d9ce6267957b8b23f9dbb13c8c30121c6f79b74d71fdb7370a0d1b1c99382bd453271ab7cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
28d1add47ca7285181f8e0d7350290a4

SHA1
715985e57b4ac918be500e2eb1258897b6de8a57

SHA256
cc50861d7c5158c3db4a47660d325bd76ada1d15234861e2740c9925b7be6b6c

SHA512
65718b1f8b79c73ec1b1ae86b3fbdca9907b995dfe82e742f574efced38da2789e32634f0fa1d0d39b7c46f88c70518842db8894da7493c136f2909bc9c40425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dfe5d36a6cb8ea8171f896998dfbc697

SHA1
fd4c0dc7c78554bc1404b96864d09dab954b683d

SHA256
4757b9d58d8b27b208155affc24bf456da27b567891118aaff5b935f4cca58c9

SHA512
41140cf2e418d50b020ca451478fbc6ab46d0af91df5eb85e71644f0397f2cd361455e5850385a417cf9443cb6de3b9cf8b26e23bb0308e31858a3353387a240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f3336799f7f341b23af89859e73b6f48

SHA1
5ef993f0cd3cd0cbdcccf3ef01ace94c035ac5df

SHA256
a51c9d5fdf6eef6847f7e9ccccfd8059f32219061d2f51063ed13ae154159047

SHA512
07c27092c18be98199b7ab38aa3749531bbe494d502148dd18983a0c1b80ad907d8ccaf744864f4f0d2b271bd2be1c1834ea65b95488210e4a754acac6256fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
69a899041607e15913c4217e87996ffd

SHA1
afd0a6d0b35357a12e06d572eea9438f42ba22e0

SHA256
a36faf8d41359bf13b0ae7c58642a274b55726a8601833e3e8044f90c2264610

SHA512
f80f1de57a8681501e8e93365a84ebb5423e5341a92b833bf162cfec37b6ae9050b7ab8868779fbed628b526ff1312e299f3eb5ee8ef6fd03f11ccf0770b4aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8e222b002c49b5d5b5d975608892cdd9

SHA1
5fb2f4050893e940229983fd6ead9c9dc0bfd976

SHA256
3506ee29843d67e13a9b87b2d7358d687a536f6e28899769ed836a9220e3a2f2

SHA512
4fefc965970e71a9bf2dd8b97d16f1158052d3a9b5e9250ee5fdd3e723551641455e020474579af13f28825501a44d72ec2ab077cf0ea6ea896f5b291a109487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e3d342c08b3781d0649c7bfac2ab9c62

SHA1
a103129e9b37215c8a5ce70d28891c0d27faaa2c

SHA256
e83bbd2851f2eb787c016b54b3da53bcdc23a2a60f66c587473463cb2dff5f83

SHA512
e6e5d25985d385e150b99ee63bac5378bdbb271ca3524e0e25ee9e0b8b6a8506fdf8fa22ce10199344fbedad9730d277cbaf3ffda8cdeff83730a06f13d12950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
121KB

MD5
2dbc301c3143c0ca64581f9cf9ecbb9a

SHA1
eca731a6084491d54a9add233c92c066f42c91b3

SHA256
7dead14e707ee19ed6a578417a3c523f024c7aa3f1584868df0651998642ec39

SHA512
2d7001eeae601c178aa0eede246b416ac8d17c8773ba9db8b5f59db9137b345155abbdd68ef97210f0511b4496e8b34a61ca5a018ef7aa296710d2f559b08120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
122KB

MD5
60c34d1e6862f1d938d3efb39b737558

SHA1
c5d0542a0ba7d8296ae28e5a556f34ce4325f556

SHA256
e1173174aeab49533ca9c18e9ef2cf3a0980a175a33a0e73d211ab89579674ff

SHA512
a774dc018f419cd05c460d881f7f406c19c39097cf6b44ce5d39fa5efab975d81bc5ff19486ff41b827c59fec0f7a62fe60bf384a2746f467d9a7f3dffc231a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
103KB

MD5
6a23e7db42bd6071e0f501dc45b5db08

SHA1
8bfbf2f007047d19573ea54ee3b57e441425b2ac

SHA256
76605fb01cdeee412551ea3a224c53b72fe2da57f50053f5b4afd654126cf13e

SHA512
06d95b9f518eb88ae2edfc3923e9307dcb1232495a5850909623f485669b04b5a1deb5dc52e57f6343a9e7ee1428b2e1cb62448dd83a020bc1d81e6cce9139c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
104KB

MD5
fa367e214e60306e5535ccb9d87ff200

SHA1
ff3c9c88a29d19dba3986dbb8af08ce2cf2db714

SHA256
8e66f71d892d42c33d0438338dce2b19718979b12330311c00d90dcf399ca9eb

SHA512
5b376404b74c0a0f6c9cda1f45a3413a5d8b3a169db1aa427062c571bde63f4eb4adf73332b65fa4173a195c702c487b3bfef87ae14f901865d01f30b9dd006f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
103KB

MD5
a8a8b73a2bf545a5092de18e1936f310

SHA1
7557c5eff296143ef03d1e599442a4a77253d061

SHA256
517411aef50615ddf9fa155af04ea560611c8bf758507858c7a81ee1e7053924

SHA512
af0a198a96d1b01e9edd6385e48a38c7eec3ff8496def8995a085c7cea8429f994f1464ee124a92b7ac0f97526005a46e92c7f591d40368a5b89d04c8599f6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit