hxxp://repo[.]fpki[.]gov

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2023 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://repo.fpki.gov

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437598494762691"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 376	5008	chrome.exe	85
PID 5008 wrote to memory of 376	5008	chrome.exe	85
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 1028	5008	chrome.exe	89
PID 5008 wrote to memory of 384	5008	chrome.exe	90
PID 5008 wrote to memory of 384	5008	chrome.exe	90
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91
PID 5008 wrote to memory of 4464	5008	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://repo.fpki.gov
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95fb49758,0x7ff95fb49768,0x7ff95fb49778
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4516 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3956 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4188 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4524 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5520 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5524 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2912 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5264 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5240 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5612 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2812 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1012 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3172 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3164 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4616 --field-trial-handle=1860,i,4450923263973004125,6815933558158551829,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7272362e-f449-4e7a-a82d-52a056bf7765.tmp

Filesize
109KB

MD5
54f58d639b78ed7130e7e2ef093ce2c7

SHA1
a993599ed9944cf6977c70aceae94709140ff3e7

SHA256
767d2a5ac5017bdf1fe1cfab08918b46ae2a4e3943de0b840f22216729062a7d

SHA512
dbeef50d95287490546c13871c75d5e86a0e8f9801a46df91d91c8f675ed3f30871f194b7ab9aa54036ce5c26a176a6ade6a99f07d806f5d1e76eb966670baff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26555faa-52f1-417c-9ff3-180998f77042.tmp

Filesize
5KB

MD5
3c30a0b7db5e529b653a572280b79770

SHA1
0ee367b81cbf73339bc0ddb159e10a75a8509082

SHA256
b9568d72575cc20ab81b03914dafd558b6f028a0f31c176bf1b93be9057172c5

SHA512
77c0524793d76d7d3b1c679d5876fb53ef297553f73892c05199b38b152d73cd94b7cf9bb649f340d56de464b3b7bad60a3e3086df9bc41d7df6a22cd1e0d923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
54f02b0cac5a87a71660db8e1de92df8

SHA1
e8612f154ff63721db88b0aaa0dafc560c0cc516

SHA256
1731b104c24f74197fee1daf9ee50d1bac79dcaeca3c7040f4d3fe86294989d9

SHA512
5948e61f2468f7ecfd385c5192300ccdcb76e4ef74fc9b4770001eb147acb1df6835f6e226c4c84fcd9f0f08e0c36aa89a3784e16e872a6869aa6fe898f7b5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
3e676d8c5a9414b8e08d4a57e6c79212

SHA1
0f8b422eab3364e889e3274ea0c8962896867756

SHA256
614bd0959706854cc43096f3a6e2abc98322351dcc5efe61d3c1272b4249ad60

SHA512
b745e9e9a283ac37cbe944d934133c5ac145fbd13a963a2c397910036e54961a202302ae5bf0b672536ec1b155095f7fe5e9ca91132ffc90c29f9c713fbddde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\11ec202c-37d8-4632-9cc8-4c42ca9226a2.tmp

Filesize
1KB

MD5
d167a3d9ea9cf5af547d7730a6c1ed49

SHA1
cc12d06fbbc0479b46dbe55c728aa12a70dad099

SHA256
ee0e69c329f29ffd29a576663627adcda664a1c62ab61060bfbe63a92178f1e2

SHA512
96fb434179d1e34bc5519b72205c3d6fdf827d7a66b95c3a7235ff9956ae9759eecf1f13c32d2c799f691418bd6b67abfb4d0d4e1f3213ead4edd7aaab6b9e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e2edaf9080e9a56a89dfe2260e3d9bb2

SHA1
119a7684977385f7b144876461a01de2ff3c04fd

SHA256
051a61006600ffb81ac83ea52e163a99e4d4cedc6a1c2d16bddd3da3035f1eee

SHA512
618a022b759bc1e6460e4d6fa5ad8e891606eeee7ac420c97e02e40920bd5de35dbfb80fb3fc1add9a3defc1eaf4118625a7d86eac8689952c35c663c5664e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c5e99baa31ccd8ae8ebddb9c59df5da3

SHA1
7c0a24da9060685085f329cfcf2c6bac554e07b7

SHA256
07dc94d849ce87c0b354b1152d4f6899d4b5b39567323b02284025ee57d33220

SHA512
275055a837b3d29f507bca9eb18bbe993778d219e40939d1e981ee44db3e628a7eea42257579207e04ee76f94b8a5b09eb5d67a68d565d0051ab6a38755fcc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e8182dfced040f654ea100925ae88083

SHA1
13bd957d2a8ed236594e8f6b9f471de931f700a6

SHA256
fbaad0749ba4ff1d33feb36a35b65b88b6f5b33ce9b47c7b7277d94446e91d96

SHA512
cb73d8e68d3e9318c64fb0f09323600dc15bdb6ef89dd685384476508524237c4a6fdd3960ddb0c7c90c63846044678a96eaec9d770849379aae4d47ca893874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
1dc2485ce1007832765a654a3df957fe

SHA1
031aedc1bb2c421c5b15ae082a1d6fcf16c097e6

SHA256
0b9daf362720f5c5f525e20e5b7a3f05384f16be2effdf88c7cb5414c7940caf

SHA512
27fdbc896e9e5924658469125a9e522af2b2847173631c0d5483f48862d49b1bf0ebd0ad2fed4d5bbe4c0e37ddc9a24837448146e188b1ebee167eec8645ef9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0779d846f27f1ae6e92425a5e557df1

SHA1
e80c6d41be497c03aa00c04a4ea19698c772e8aa

SHA256
be5dd2bf4ea07f7431b1a4afee57dc95423ee9e0ad81796bbe2dbc90adbb91bf

SHA512
2a0e13a4fe9366d640a608841af3096e3c0e73fa7f82ccaed419783f84e0dfaec83f669368e1eb398cc8138755f2d8405f19ef34355ae308f86b865ccb0ed48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
72a2d14129ed00d519545ce7479c96a9

SHA1
6ab69a01b5b7ff7c038f750872d11d0bc5c073a1

SHA256
0e348855bb25c32bff5ec5585220468f3c4aef73e2b6b00af043a7adbb248a34

SHA512
5b9383b54c987e3ab3bdc26df81b695621c88b381e82b40bac5419b0347439951c8fe10592f13583aa65410fd133f5c7139cffd3ff1b0c3d773021e5a1dc9f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77a0ee01bcde8e1a40b949a0e250d62b

SHA1
fcfe5869256e47a6187dba2e98c10afedfe20022

SHA256
1dd48f9b8c078f1c8bcc3bda1db4e846c5434c4e6ef717a6b2566f5b385b9021

SHA512
fa62f1f788a3d1a0af5017d4ee890acbeb43671b1ba2e9b7f1088cd67c865309e016554fb078a596ff8ecf0e1d8f9f51c1a83e39aaa7080b03d1a8b163c1eff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599001.TMP

Filesize
120B

MD5
b8eeaa3ea9c529dc673a172c1a364c08

SHA1
d28b39b2b30326b9e162e22ff734623d4045f1ce

SHA256
c709d3d1c083d86779ddf6c024c509690dbcd53e5a3db69101f37cd48a86e49e

SHA512
59470fac2f15bfa8f7bd480bad99e3f0dbcc3012c8376140e1f70d77a3361f8c24033c1f519fbc95075acd730fa1af291420b1f13a7ebb704fe816b5d34afb6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
7bb09762af7efd4a414c34fe6e766214

SHA1
6d0d7e0ea8f5662a4ee6c928d97573b8019aa5c9

SHA256
332f29dc3deedc214d733792879eaed26d1e91fc9ae1455b3558d01a52a65445

SHA512
8201617ce03e8b13fa58d05633e5aa5ff474b49f494ef3142aff4edadd142e39eebf0f5e3aca24c01c9eb71925954e09b37c4e29c21c2d0fa2fc974a37937fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
d80e75b3d8863911ddb743625447a392

SHA1
fa0dc5ebad082e427f807a6e7dc5e1595b6ee1e1

SHA256
1246c6947a943d9094dc6c195f079343e06c5d85684193ad897371004ddbcc1c

SHA512
c96c772b763232cfb67daeca510e0c14c507cb854c8aac7090fc706b01d0b52288cdcf154159eeec3bc1bdd550768af4b300f005f2ccea35c455b63487b102fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
60be5f3f6e9ec9e15dc688484140973c

SHA1
09a63bc569466c548373776b00d20a740fcf9ba2

SHA256
5ed49e347b2b1e1f6b5b67f4471a7681551eb1b53823c3c7e6208fff8f3e4878

SHA512
c169a885d2fa3e358642dafaa1e0f18d63a7df5842ca791b1ddaafd16eb91e612c4c7e9d740a0cfadf944d82187853b2990025fa935e42271e7940cef4c52d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
d2db3b1b881a20b383fccd2b02f0a8a9

SHA1
e21e23c0b137b589d51bbdef03a322dfc7f5c149

SHA256
948d47898c41108e25213f191f4cf2b1d5936627f4c452f9946a163ba8e9ba20

SHA512
d618f0c5e2bad9033e39378f48077aca4650f399bca9bccf7214d93cbd271c8b2b1429a8f99a787f1d9a6a7cd630a4842d84a0a7ed28155a40b5ef717c1270e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c1f3.TMP

Filesize
95KB

MD5
1497f16141dcde1ec56eafe6ad7f8ead

SHA1
a20f535735f092d5a746b2439c223ce72802cb1d

SHA256
a20eab1a21ffb4ed40ea08c2b9d7b0d5c0e108f68b031d34136296f20c55d44b

SHA512
b8f1fd7995c0ce1df9e46cdf27cd4256beb38acbbd161551f9e889e9420bffb71969c7936a62fd14f04a6318a0dc5a8072a2736931212b959b790a47fdb13102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit