hxxp://link[.]bisnow[.]com/f/a/ox1e8RyGEB3NOCtSd-uuNg~~/AAAEVwA~/RgRnOc4QP0RUaHR0cHM6Ly9hLXByb2QuYmlzbm93LmlvL3MvOU1Wd29XN0tWej9jb250YWN0X2hhc2g9MSZsZWFkX2lkPTEmbWFya2V0b19jYW1wYWlnbl9pZD0xVwNzcGNCCmVVF0lXZaPQ__VSGGRhbmRlcnNvbkB3ZXN0bW9ucm9lLmNvbVgEAAAAAA~~

Resubmissions

17/11/2023, 20:03

231117-ysvkyaeg2v 1

17/11/2023, 19:39

231117-ydal8aed71 1

Analysis

max time kernel
1200s
max time network
1202s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 19:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://link.bisnow.com/f/a/ox1e8RyGEB3NOCtSd-uuNg~~/AAAEVwA~/RgRnOc4QP0RUaHR0cHM6Ly9hLXByb2QuYmlzbm93LmlvL3MvOU1Wd29XN0tWej9jb250YWN0X2hhc2g9MSZsZWFkX2lkPTEmbWFya2V0b19jYW1wYWlnbl9pZD0xVwNzcGNCCmVVF0lXZaPQ__VSGGRhbmRlcnNvbkB3ZXN0bW9ucm9lLmNvbVgEAAAAAA~~

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133447236112945157"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
5152	chrome.exe
5152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 4172	1368	chrome.exe	86
PID 1368 wrote to memory of 4172	1368	chrome.exe	86
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 1808	1368	chrome.exe	88
PID 1368 wrote to memory of 4384	1368	chrome.exe	89
PID 1368 wrote to memory of 4384	1368	chrome.exe	89
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90
PID 1368 wrote to memory of 1608	1368	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://link.bisnow.com/f/a/ox1e8RyGEB3NOCtSd-uuNg~~/AAAEVwA~/RgRnOc4QP0RUaHR0cHM6Ly9hLXByb2QuYmlzbm93LmlvL3MvOU1Wd29XN0tWej9jb250YWN0X2hhc2g9MSZsZWFkX2lkPTEmbWFya2V0b19jYW1wYWlnbl9pZD0xVwNzcGNCCmVVF0lXZaPQ__VSGGRhbmRlcnNvbkB3ZXN0bW9ucm9lLmNvbVgEAAAAAA~~
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f36f9758,0x7ff9f36f9768,0x7ff9f36f9778
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5032 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5240 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5508 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5472 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5932 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6108 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6476 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6760 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=7028 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6712 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7568 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7724 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7424 --field-trial-handle=1860,i,6212450942005410629,13431452758538284313,131072 /prefetch:1
  2⤵
  PID:2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
19KB

MD5
5e655122af347d5e09e5420580186aa8

SHA1
e74885c068b6ee70eb3f9e2b96beec23f6d40815

SHA256
2ff51736985c5ae35ebfcbbcb116361c6f1f786d526187a6d43c0b71563cc1d9

SHA512
2c51a5f94d0304d74061300fe67a834b87afc6ecfea47bf52644473eb765e0813a29ddef6e20abc80631c5d5ddbbec88dee481c34aa2de977ae2a28b69e85110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
17KB

MD5
1f97b0ce0d9239260c93061072302c09

SHA1
6596b1e54ebe25353d05410878bd185fbb992292

SHA256
230c876c36d3974227bdd0a622f87aafd2a6e4a01aa7ffc14f235be871a6140a

SHA512
2062cad5f9bf5be50c01fb3f8b3c6c4eec39394b4b5dbc927e13b965c598023e577f28ba1e4963323553a2e5d11e3651bc01dd3360c6b448238473be2ab3547a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
36KB

MD5
87b1860f4c4b640bf8da72ee83261395

SHA1
8be25df4e56467d34d78a92580963dcd2b7bec04

SHA256
3f5895e323fe2fea746a13e36ddfe89ab7368b5b558981fabcc9626b2591e26e

SHA512
b0f7f9d92beb05ff9fa05486e11d732388e101a1030fcbbaf2b2b553c37c088a1f89d531ee009037200804c02946c59028bd21e452077758f8c9400f35513cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
63KB

MD5
b122e31d9d3b17a9cd605a6fb81164d1

SHA1
191db074b001ac1ea445fa5d0134f65ba84888d1

SHA256
48a16aa1b299b92068b8749f1f43017ba6101122ed100555dab96e1aebc3a2b6

SHA512
c8706247f0857af6455a6c72423ae812e9dd30e5e9c0931ab2474aa6bb310d203ac85bfb08b24f968630a076a992dc177b52cb52adcbac32669873f2968219e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2a3e8c02da4263a_0

Filesize
15KB

MD5
8d5a59b83c26c9de76d40b4ee37663b8

SHA1
01d950d7a899841e6aa64639fdc84ff5d55c300a

SHA256
28d2430e7b2d91f5b779517264ed31c6faa2ad1cedc9b196837e3baf48c992cc

SHA512
2d0a0d038abc83fa927406cd9cc2bef6d5527fd842ad0d84483c7349b6ec7ebae0c0937e76b2575bf024dd31adc2e5cccfcc2e3c56f1ba09132c6868a4b4a352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
be993710b6829677b3203ee31e218cd9

SHA1
6cd5e4e23cf638925b4d1064f7faae882c50d2e0

SHA256
58bbf321dcf910812bd2491712fc60e1664dca318de13ee72fe51665605e87fd

SHA512
bc118c0089e3870212508f1470b9ad260d2142fbe89891f97aafde37ce06263afb77d937b518bb6acc56414439bf0dbeba480a1a44cb5f513683b87729779ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
08de6c71ee54ea7b3f8414163fb94a66

SHA1
68998f5cab23ccc4d0866afe8f56a50d9512c4b9

SHA256
a103a4f3c77f6cd06228214031251a6f4b3cd0de2ee7e02761cb1a7b5dc24fd5

SHA512
a9d28cb4c9798f65ed702d2091d8bffd3114d4b96140750a919eb6e091ac44c660a6576c9e4ec544bc93c37cf5b9083a6c4d8ccc2f3b4cb27c74dfceccacfb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
211d3a80332611a36b96566459e3172d

SHA1
c4396ebb9367e629f2f02e88864b9ee83841b195

SHA256
abbb1e49ef5b9046b460d0479010ebabf309be0aee9d22dd774bcce7a6e1a39b

SHA512
bec708891f0cc42e001f976d054d54ef1f3277e986adb257d3f02c288127426ac0e7fa3714237aa6985252a15c0e0c9410a81624b5ddfce434c821f36350ddcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
9da15499698ba5cac33f25e1dbab0884

SHA1
4f11623789ba590ee27ef237209eff24fabae8e1

SHA256
f9fdd9b0f1762476e9c0d122ed024f97643e405edbdb886426c76b3c050a7a35

SHA512
12d07c1b79a5fd62450179f81b6e277b7495b50f697c616d1fec3620de1e816bed37c9c87a63c444bc1c528a0d487094d1a96a7c110faaed4e397304e4e7ed9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
fe760323fcd27a9c9e435d4905bc5ee3

SHA1
1488a2925dfa9976d0b5cd82951bbe83007eb3f9

SHA256
c94c45c01189243703c5c283714cc0c9a3b2a5b23fab33a90383a59ae0b13353

SHA512
872835fda37b01dcff43611ade3817fa2f428898105164c8ecea3065ce63470c418fec4d2151ed0afe2f341541f670424cb76661eb86ceb4d18d99d57ed6adb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
c342833837dc0b24df3a685421461201

SHA1
a976643e26c6733b142dff4d411582cffb41787b

SHA256
060f584f45be3ae97004802d31889c879c156989c2077a81779c010b7ca1d74e

SHA512
c140ca48e802bfb57658578863d416f27e6576e107a0a6b572dace6684c9b976bed122cdc65f055fe19dc35dca47735d7b18ca5542b2065b1d87f46e880764ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
962637e463a246aaba1af38e004a2668

SHA1
373c154d82fa4fee54ed7e40fb80d3d715821788

SHA256
a705f682b3f63a3bfd6d52c188420abe3c2bafc10e706b8ab7ac9255cb4e03ef

SHA512
792ebffe071e78d5ead6040cf50af593ce3d9e353bc097700a46037eacaf984904f91b5f7630faee88fec6f49831bd73c5c27604d863b1301e3f1544b1e188d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
04a6b26d8786c6a4b9a957a273da74d6

SHA1
b803d0a039aa4d375c5e09be504b49378d6c9e87

SHA256
e90053980b70a5cdf51b1aaac213f4b156f89f5590ca164efa0a2d746c8a81cf

SHA512
c479f560d0128a908625b485df0bfe9b68ac55a9cd9e42d873d7ab784c5e60e53f32c8db8f0761380e5233e8079054a9bf010adec961d0173cc312dc81baa9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
09af004e7089b15acd7a04f8d25aaa41

SHA1
0f1aa8cf45a140d893ac04ac612ad2660096e715

SHA256
4af050d4eace94fad8424288d485b64f8a26752d9854e44e54db6ee5de9af4e2

SHA512
785230a054cf1308ccef85d2842dbdb58ea4c98578cc9c18153e63a6deb3b23988f71d5a22725e0aa4b2a6b2c85b12fab422e8e98f56de5f67c82c1c11fa33e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7f0308a0f35acb8d8e065a62e93dc3d4

SHA1
dcb66a82260eba6671c9d2ff95c48a989db92e4a

SHA256
fb39bf6044eb9f54cac5a05801b5b7edf9350e6a1b0f9c5483b69395ad6b44e9

SHA512
67751767e63fbae18584d1cc91ffd8894efff5b2cf457d08a17070bd9a3404148bce5626d752e10d484b03289ec8f190b950b14afc6380507ceaf14588bc4b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
993b8643d16d467d95546cb6acf089b3

SHA1
64a943b5a57210ee2e15365807101db96dbfa7fc

SHA256
bde5e62e2b3550b83807d273a653afd0f94eb9c27a52a11d781a68c5235866b8

SHA512
22cb36c90d7824635f4678432266f0dcc8375dec0ddf86a876fa938611b5689acfd65e81cbc52993095f6c9fd08c7462eb98fba86fa0fd4b2d14e47d48dc87be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
add628115905f9b9c0f188d12e2dffa3

SHA1
87c0c929813bb56e3adf446b32ed248cf4341838

SHA256
762429afc1d50222fbf2bdbcffc0ef5fd920c8d84ad74a91dcd7c68ccddaf554

SHA512
60a3e047e2d8d8e1bfc8cbb5ca41ed0571baff10b2c29784daad04697a4c084a6436169a23eae49fd6c97b73426204a830e88741e2b4a68257c49f026d82133f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
135105611a13b8ec7bb0bb54e04b8f2e

SHA1
c6d7ce3537631a4486e0e9000131da544842e960

SHA256
1393ad273d73e0a84548f2e5ebe25a26aebb9acdf0e8089c44a0508b79666ff1

SHA512
bd47b35529eb7217743329e2de08328e5fd617453103a8452aaab1382d4267e4e0a49a9126505625332082b86c6dd1e117ff62e0ec37ed5d922512d929a0ad72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3a8f3c55f529ce1debcdec790f6e7b37

SHA1
689e485fdeac909e03954899f0f3b142ad574ad1

SHA256
769d6f0e5ca3843815e460b783af5532e136582f1cc2937e229e5067c2e3fb33

SHA512
8f7f25b535a57708a351c6d7212467be2644a413da2c2e4d0855786d16824c6f2227aea1f220cbaf4c9b02c51b239d3081cb61d121ae130c4ad54da4d076f259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f8e7.TMP

Filesize
48B

MD5
6ad09dc0494bbeec72b9ddde7dc35bea

SHA1
8d8497ecd68cc7804da3b912d182a58c6d40b460

SHA256
e5557f328f1b6dc9e9dcaac1a498c4efb5b8fa34e1b4c4091932faf63903b12d

SHA512
0494619904e9a24b8f31be4700297e91b46dccb951c52a647f7364b2a8d4a5e85ea8b1a7d79a76aa5f7cdc2eb6f0562da05632f8ec0201cda7524593b4e6bb4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f384c95259b085fb92b4807a81b524a9

SHA1
0811c0af69bd4d21e471a2a1603af83c8dc23627

SHA256
6cbdb0cb52cd5a99043968f549d0dd8f75aa5f6c808f1a75132c0d276b6de3f8

SHA512
5eb8959fd68fb073252b8a5b04bd719497d748e18905ee9247b1cbdf69b0975f2b5e7527314d8fe25c6304006ab7754f58f0d3bb9852c9bd4c9311c72fe8e622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
e3c0e9bfbfbb9bb32022ef296eb9ce79

SHA1
fd0a77aa8c0173f467b8ffc2ad7e6f93109126ea

SHA256
37038326a7333f0c66e5acf0e260bf32beed277a9b3a5859726e56a838267ae8

SHA512
187a194a91cdd19c6280db47908e49773394afcdf8dde88094b3e1c53092c93114a7748d7d580e5cf6669f0b6e0e35c38eaaaa31e8bf69946aada30e7a5a8de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit