hxxps://beast-then[.]com

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://beast-then.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133419483998909327"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4556 chrome.exe
4556 chrome.exe
4556 chrome.exe
4556 chrome.exe
5024 chrome.exe
5024 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4556 wrote to memory of 1020	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 1020	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 3708	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4172	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4172	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe
PID 4556 wrote to memory of 4828	4556	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://beast-then.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8a319758,0x7ffc8a319768,0x7ffc8a319778
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:2
2⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5272 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5700 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5904 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6124 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5764 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5756 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5932 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6064 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:1
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5996 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1608 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:8
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5184 --field-trial-handle=1896,i,17772447576150936337,16250296626776975945,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5024

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1772

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
dc22d7edca05801efb8e498b4ee27431

SHA1
beb0890ef4f30294151424d6163aeac7ffe46f28

SHA256
19d0b7ae412f9a8ff3f869a4ebcfd6621cf458a7eb142aeb93154dbe9e947f3e

SHA512
c2dcb6e798809de508c090a376198ed90016dc407b141148be45b78fd7e9b17442b2406ea7680998efab495c96b136fd8122e30a5272bf3814495dc37781d1e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f3872ae766885e90e2490280b6816b03

SHA1
0e1cd888118cc344408cead8be5dbecb9bac36a7

SHA256
1fbb159e12e9fe9fbcdfce1213726b838a417be545e4b19f9ccf008b8fe720dc

SHA512
bc0c474881600402a4fb8a5a56db706d947bf5715abc3f7b71a59c19c82ef76a12d633328c0dc8a309531d3c2884576a32c01c96c7e0060308b94dd8c5c0fde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
7b6f2fa4670b318d0e462bb167900e57

SHA1
920163b7f46ecf583d50a4cfe8f6fc69dc8afd65

SHA256
fd870763ec7aa8d4ccadb30e507a6c2b48987976996abe01de8422c7bb1b2084

SHA512
36ef4bd1adb38bfe643ead6a13843845fe2169af8ada116067683ebfb12b94fc90d5e41996a65d8a5a0e5434060c5818d9cb981e2023c28ec6c34753bd0a7625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
9cc10a801e0ea9b27edd2b847a995d23

SHA1
94e21d26ed72592e78f5da959b5bb62df6458de5

SHA256
fe450fd28caf58599da4fe51881a68a935279c2fef9dcaf3fcdcc61985b58444

SHA512
d7373d409286e1cc7540f748144eddcf3e5f74535c8bbb909f2ad5dad3c4f5d7ce8bab644e619533fac15d2f1abea351748f1620b17b651223515fdd394bdd75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
6cdf3d06a4f0e13cd8cc12c8f5c54852

SHA1
439ece4b9486ed8d9fa9a4f380ab195675bf4c88

SHA256
fee6c775185b623e998935fd368f0990235eab3d64cae19879f8b2c0e3328356

SHA512
3922ebbb7e049a6e045f0b0e0aca53b544fcdfe3a1f4b2025e0aa33ec74f576c6458da387a45714364504599f9c31aff5019ed3a3168ed708cf10c97d9300bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fdc67e9654ee8b7b7a3b51abd82235b2

SHA1
14db5592f4adbb7bbb22a6a41eea21bcc21172f8

SHA256
273356783b943b5c9394909353c4fd3642a07e0346a379c6d8b75a171f5e7bf1

SHA512
979506f379ce716bb46ed969e3e55d036bfc881f3dc7bf6ad6ed12dc0e538b7f84354a8b17adf08c5bd1e9410953ff69ce001658a706f3256ee118353ea271c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7f1b6473f46b968fc154cd2659357ee4

SHA1
bb7e32a429981956762b0aa23b119e12283c94f4

SHA256
3f6cca12bb763c66eeda39c1c453fe0616a93b69fe06fc64bfabfca1f40c0d37

SHA512
927f4c8dae25d6e079433b1e6090a7ac13aa355023e1f03fc5f2772453fb21ba64e984ab8f7676cc743978daf27d5d8d1e4ae3a96ba251377f3c492aaf36f86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
be5db17edf831c9a45e0ac23f1c2a8f9

SHA1
cea6537f4c88135131b2c8beaad6d17bfababf5e

SHA256
37eee60b166fb3db144ca3ee2969b461eddd8e343b2e439f8b4ed76fec9595f2

SHA512
1a087204d4d3342bdc3f0b4f8c7ba87347b5ae5868fb04a07d671c79203ad96ffcbf5722a1c1d23dea71c40deae242dd34c14c4840997188229237606b85c0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
eb1b14910589ccf4e69a511b64225b91

SHA1
32ebd2e9d410d5372c64da94b21f16857c577f16

SHA256
2e0ed37ef53e0151fc101eae5825293a53e990d8340c0b2f52072502bd510c08

SHA512
628420a762f9be989adb0193cc0daa726f4fc99b26b0240a11a8d46188d7a670fdb83a1d1aa6df0f15eeeb681eb149d0e2e87002d4dad3c806a30c291e6b6b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1402be829933d70d89e122f97358adb3

SHA1
7069f0b3581bc1ea9a73f0e17f43dc6842141d04

SHA256
e3adb8a3618f74caef6c91d5706ff19db457e49cc3edd77162e13e4f48872f94

SHA512
38f3d0aef205a813a700998a6fc902009fac443db3d40c5f99666278d089f124f26dc4a16acb9e123ee0d19f25c33cfae969e46366ace9c04f4fa091468df433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cd2cd48d339a8fbdcfddb176f18d7351

SHA1
5a3927245d0c6bb0a52ca8107a54b8bc57656ea6

SHA256
77a5c967ecada82d48e007980cafae46eb4184b8d0ca07e150d6d50035cc8aa4

SHA512
403be8b1fb41975f52c41caab359b86f9565a5aaf49e6dfd0251330befcc99c1cf07251e0df32cbe5d6b9313b9ce1a9faa1c1a3d2efde0d0401af12fd3810958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
e476cf89dc9fb1ab88e92144d5fd2dae

SHA1
b2fdc0eb3423ffb409276bb21092f4966509bc3d

SHA256
a751b6100e51d24402c33685c6d2f45b0bf36dc27e3c65b217d617687f776a4e

SHA512
0b01a0a5ed5216d9fef1147d42282c018f663cd78e45bb5955b108627773734cc47095ebd1980d488c55d97993de7ff0f41a3873d9d345eb63154e7b7d7a4e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1a899405f63df1f7f15bfe03b18cbf58

SHA1
e2b58133861e42c9c691d4eb168c275a5b4de45c

SHA256
0aedca939084370f8af659f263652df90a04e1c483c5af48bedf36909dca7fa9

SHA512
82beecc5fbb75a3ebe94037e51696957e8baaf3eaa163be9c26a9fa384631f6743aa8065cd48a3d2a4cd2e7e8546820f163efe8a37d4fc08b75c1d5637b04a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
122KB

MD5
82c37284024679b14a7e31cffb857ecb

SHA1
3c2ee26dcea86a6235789e099200b9f7d33c04d8

SHA256
c5cc0a6f041f511d0d986e45382ca29893913b18893b96541b24d4d2d617a100

SHA512
0c0230df6f253e4e2b45737941ead0f88e8acb615a8a80a412d69150823934e6bb675419f487de34ce0f4fb540db11d1e97c9fc0cdfda7e8dea1671aa0b4ad5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
103KB

MD5
12ed2d8877f48a10218664d5ae0943e3

SHA1
d805d7b4e085cc422ab370bd677a506f6bbefb5d

SHA256
323c0ae86ad245449002dbe7dc3d5c1afb18b6330d6b96a22e041e92d04a01c6

SHA512
76295bf9ad41f806bd370975a9cacb981d19a92a6cebe406bee0c9381c974d6c8839767c6f9fdb55b4072db9bda74fad385ee05f6f0ffe703ceddd3f78ba5a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
104KB

MD5
65616cf7bb6902e000ef1f26fd787f8f

SHA1
c42a97f4683135c66be791ad30de9829528dc531

SHA256
1bf830a6fc9a2ecb6319f984c665d2421d8efe76fbd88d79b683d59d8112b224

SHA512
c5e7df9b89d96179e632717dfd1f0398385d9485ba8801ba853ca33d5882276ca39ca7016a898cb3abd67040c777d40258b286ea4dee6607f23c82a2471fdb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
104KB

MD5
f42fe69d3b21561a7044be3653a3e4a8

SHA1
d70f48835807eadd702a4e08f6b07344261dbfb9

SHA256
442607ac43ab948198a021531bd95a9c0cccc93a2bdf2381f86ab0117a39cf52

SHA512
34eb533893ddc6dd6318804b8955b19e7649d2779b611bfb1319ce48d588fe744829ecfc4ae672288131a47ad74206a7d87d088e7bede8954de5faf17bed87de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
121KB

MD5
a4efc4c4c6a5cb4448b74f5ae925cbbd

SHA1
308453ea368a9b9b2d30afc9f2f8d11d57c6fcbd

SHA256
cdc6d86d0fd849af6314bb0b3d7bf2fbb07c08089eea144841fb155f5f1719dc

SHA512
fff6805b3c8350cf18dd2ee733c33e1160fdb1c2d3eac54998ede898789e482f9282ff4fc66545a9e26db191c1e622b631d7ccbf2eee3875a03e9a5a3a2e2e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
103KB

MD5
70e614166029932061f913a490b003b4

SHA1
b6ac21f3824df07e7904f429f755c1406ee119f8

SHA256
4e2ab9c4e585ef3d8a90b00437a1c4ca667da865cf806b7f0ca77bde05017a80

SHA512
c76ee2f6383950b25411019665bdbc6772ee02fdbce0a3fc938e87b634f09271bdc1935fc856671cb1c1759502b277ded43cf3b2e2655189daa9e2061b769d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
103KB

MD5
05de667814ce54abc605c915539b0cbe

SHA1
c88d1774dddd5301c20b49d95bbd4c90f5e5b636

SHA256
b70165a54fc70da19e0c1d88e036df645ab7fbbc301fe7f7080f7971e18dd02c

SHA512
fe8f2f17bb9846ef1a0da7ef52f4e656da02086e7771263cc91294e156d8c862f58d5f67d4e7f67e0130f7b18ce668251577afad5ee25e5e3b2ec1e0001fdd3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
af57bca138cebd325e5cd2b93d479e7b

SHA1
a7278a22ec03bca24ea175f1ae33d7bd401358c9

SHA256
a4ae4307678e8595dac5aedd14cb575a0bf0d621ecdcb951e490e53dedcf2bc2

SHA512
989db407df73b3a92425e35586aca411e4894215b8687f38b4232fb46209def400165a77b35d19c8c0f88395e38a8361266f76a4adf562d9ec9bce2e5d83306a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59459a.TMP
Filesize
101KB

MD5
fa2ddf3160e6f9df5ae61150ad89ecf2

SHA1
2d07b2e633935f25f724f82512715cc8dfd70400

SHA256
f5df02ba29fe10069f8d2877bd287a45c8483d19e55d667577444304f4f84822

SHA512
c316debf9652bdb11b9a83511ae72adced5975d2bd8142731b92a0ec6783cb9617fdd78b499c1cae1f63bbbb98addfedc4b71eb13889ef02145e899d4fffb687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4556_TZSRDZTROVYWZZSS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit