hxxp://burnwomanburn[.]com/wp-content/uploads/2023/set[.]html

Resubmissions

23-11-2023 02:57

231123-dfxvbaff29 10

23-11-2023 02:50

231123-dbwrfsgd2w 1

Analysis

max time kernel
121s
max time network
121s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2023 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://burnwomanburn.com/wp-content/uploads/2023/set.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451814499375766"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1380 chrome.exe
1380 chrome.exe
4916 chrome.exe
4916 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

chrome.exe

pid process

1380 chrome.exe
1380 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1380 wrote to memory of 5008	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 5008	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4552	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4320	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4320	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4060	1380	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://burnwomanburn.com/wp-content/uploads/2023/set.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8ef259758,0x7ff8ef259768,0x7ff8ef259778
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2712 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4436 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3840 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5900 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6056 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4540 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3744 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4524 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4944 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3172 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1592 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 --field-trial-handle=1844,i,9343811662358437062,9233568196584451297,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
2.1MB

MD5
f3df5cfeb9072a1100d840b7c9f9d79f

SHA1
80fb8522506d3ff89b33f0917549af2befc99050

SHA256
181bba3337297ea023f1318f62bef7d53225ed92854b024399df71857382f49e

SHA512
e1ec232e348a911abb5966728566d581cc0e714c8bd1099ff5ca8179ef54d6a41dca820aa80d219fbbe3775ca5af7d3d3a3b91be495183fbd360363f368a89f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
308b5e9ee8f826b3de560c2bd8a21343

SHA1
945479276dffc3228ff1c6412814d8cde71a3aa0

SHA256
14b013fd5ed7fe853955d3be8a23ee1894d263cd7a9e9a107b593dbbb78f491e

SHA512
5fdec398ae6b960cecea2d3885a43400d0176adfb84b386f8c1366bea1eb3b2d52bae770d151c195dfa416419eecad117121c1d5950fe967429879fd578f7ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\03d78bfc-2f2c-4503-addb-afc0c5c3ec3f.tmp

Filesize
1KB

MD5
a5d3cb3f9867365588727a8fccba272c

SHA1
2408ec96f358968ee27b2e29fdfb51e1d5259753

SHA256
ce8f9518a80dc13769d9f9e545655ea66f7e15228fa1984ab403b48b5e894dc9

SHA512
88abf94a489c9c6c39b4db17fb07d21e679b5808c1baa7130086462be0a437372ec9e2a1dde8ce37c045085425e024afdc22110ca1ba5c1f5d029cb2aafd39bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e2192c5e590dbe0c41f9a180454adb1d

SHA1
bbd9dda5bdd9471ab701b7781e1da8aaf55bd5d8

SHA256
fad6be40b02ba23c102113fb9023cd15e7f19dfc24623ba624674028a19d90b5

SHA512
399812b4d61b1267b3ef86b4bcfda68c12fccab51b7ff78afcb8d3b72c82b517cec88ce08c9d3c6f1138c122ebd81127a98879e58a2f4d5e2fa0251217e80343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
a1597e0917e9ffb9379a9e5c97219063

SHA1
8b1fc73996d3cc5efcee80fcd1e6d3fdc7162ed9

SHA256
d1d37662508a624fa990d1b8d08bdd17827be9b34cc7cf2213e724da426c75ea

SHA512
3c1a97dc3a8df45f5e3b448f059ebc816470bf481d15890bea73f6d1ef3719d9ea6b4799be98937de769085b696f543da035715ece7748df649cf074ba494f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
868B

MD5
bb9465012df116b578a56f8b26dc6de5

SHA1
0a203f5aac5dda10d35efd55c3ef36c42cc25112

SHA256
827aafb492e686714f5942818920ed75743403d976508c55883c679660d6a86e

SHA512
f8c496c00b2c7113f510d53e9dfae06eb4acc1d998fc4abd1f6a7cdac6d63e6247fa973fe0afb3007767c80f92382783e1d2463d85b6ca983d395b342f69f6a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
699B

MD5
05194c0af4b1e8ee576f2dd7f9acf81a

SHA1
4f2964208ae9ad30b54b7a2389225eead5fde5c6

SHA256
7ba454ef467075868a19db2234687fe9dcfeae2034245dbd5d465de4de3847f3

SHA512
2669b72d732443dfe465cefea8eefd601f44adbb10623f350336dca127eb1efa048268670cfa71fd9899c545b3b1509c62a45ba146244926c1b0aa1b97bcbeae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a64bca4cb58244d2614f2a2cee9c0824

SHA1
8216f094ff8698e50a7f4b84ec81e5692a069c85

SHA256
4b617b789c6c8528ebf42fdfbbe63aea4180a64d9b6f4ae0eae9f4428d2a9315

SHA512
c1683e8ab930942cc55af0013b5d44c0a4676ecbf70ed9056f80367c8b297469873b829650d6e7a72db7683e7c468e0869a127ace6b2c8cd8d55625d80e0e47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
abb6a5a739e420ad7306600a949d60e6

SHA1
14bd01877bfc6871011e45a74d58660b835a7394

SHA256
a4584230802b0f2cd751738ac7ee38bf2b181e6ecf3f5c1af4e0f821ae192fcd

SHA512
cad5be22b7912aea5759a578c40355012cce88bfdd722fb3f8838e305e3923f16cc9ecd346c3f525626a10dc2df95af1dd2309adbbede1e735d7ed42e22bcb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c5a98dbc1b3a188b0e83fed2b8f71cf

SHA1
50ebf8a3091b7d733503fdfb543bbea9741b9b1f

SHA256
5d9444796a87d530ce8e42507a791ce11d504bc20cb781e24cc0e4ab6049e811

SHA512
1a8549d9a6eeebafb542485bc8e2ac877c559374856971b01a6adbb342febad05d184734645a6e8cd982a8bf5ca636bffa94126a24749cecd050f5de2e4c75c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2e598599c098871ca48116fc0970d47

SHA1
fe300bcc0c309c3bec13bbc184fbc829d6400cbe

SHA256
f0375506abf9e2ceeeedfcf8efa0a801163050d30a8f0b98a5e49052b04ec0f8

SHA512
72423a3511e8361db33c0187fb62269a60a1d3661b7bd8e0ebec33d54ec1bfd9bd44791ef28f5a661602fdff19b834f6932c8330cefc36c8afa0c5b75cfb95c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5bfa31d0532a694d9387c754ab5e8f4a

SHA1
99d1ebf2eebe5189e60e6f63ffbe332973f19935

SHA256
5967f07a50320a0f74aacde01e93107a96e40c76b57b4ca3daf3ec589cb26272

SHA512
3dc1c0a9db207dcab880171c3577223fb8f5729bf84be0fbcad55407a905fc6f7c70ad7663ba2e47e62c12c9ef31e0b0364c747e8d9e1c067291da14c087ec7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4c205da28a3631ec83c3413dc0503031

SHA1
e5a3612b72c39af7f05f3fa7aa4623c6f43bdfbe

SHA256
c5c8f3ea48030bcf110dd65f3527481682622cef85c70373004c1b3c99916c19

SHA512
5711ee5c4db1c911d25eba1d530371163c6be1dd9127cde85ee444c89792776e6eb1a866bc8b642a1f254e431991f57291cb922118aab7fc5082520b051e5fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5904b9.TMP

Filesize
48B

MD5
388d7880d59574026cfae70def4190f8

SHA1
5872be0d58135ce93962cd080276e852ab083737

SHA256
238c883942521408883e17d51ffff87b67153e5dce2d29412c271a80b9a3a5a5

SHA512
91c54894c6cb5789f26d10cda0e90a47d0909838098a64ecad80d942fe5b2a094aedd6c2917921b8d4ea8143444495707486bcb88627267c180d86ecf71b1398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
cffa94bd6586cb6dc9094e2850e23507

SHA1
150fe9054eff2e01904e61afca9ab62a42277489

SHA256
e69cce95f88ee00796e335c720aad80e4e2bb861e9e99ee013bc6ba0acea5e20

SHA512
baa64a173a66e19647e509a69ace25e9144c39424dd382da69f1556a02fb59ad1dd301ab75387bf96c0603b533b70a16e943165c10e3f255f423eda2bf8a4b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
aac5ce826970a70afad01a09fad367e3

SHA1
b0ba966eacfc7022bd0450e5d854e8e4937f3cdd

SHA256
6569c1c7631960c54d1bd7a100371304959183df1550962993eabb2a138e9c71

SHA512
0f2ad80fc2d8fa863658eae198fabe4cd042d09086f7e868cd15252b8cb11d75e303ab9a34eb7441d8f11e556c7af8c97169a6d5bfabaa837883b755b1e0c747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
00f375009caa40a9e9788d5d54ba5624

SHA1
064f293955cb9d5db19c4f3d564c812bb8473548

SHA256
48bb17528fba17cf7a052dd09f1eaa9de72c4fa1011219b9d64cc4c569fa6e0f

SHA512
d09e08651b0e734f8edc8ca955260c10391c918ac79b0b71273560149f983210fc87c5f9d940ee0079bc6d1a2ba34c6f5fc47f0093fee2a532b51b1125096a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1380_VXBLWJSSQERWYRUF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit