hxxps://sci-hub[.]hkvisa[.]net/

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2023 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sci-hub.hkvisa.net/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133457233990707266"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1768 chrome.exe
1768 chrome.exe
3312 chrome.exe
3312 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe
Token: SeShutdownPrivilege	1768	chrome.exe
Token: SeCreatePagefilePrivilege	1768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1768 wrote to memory of 2896	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 2896	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 1696	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 3204	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 3204	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe
PID 1768 wrote to memory of 448	1768	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sci-hub.hkvisa.net/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff970fb9758,0x7ff970fb9768,0x7ff970fb9778
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:2
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:8
2⤵
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:8
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5036 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5208 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5388 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5380 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4560 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5988 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:8
2⤵
PID:1124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4480 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4808 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6372 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5136 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4400 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6584 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:1
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6304 --field-trial-handle=1836,i,1247098920172775617,10622472653778924564,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3400

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
90KB

MD5
56bd8ba7ccc8ecdcf8df8c76d1ce5a9f

SHA1
e289ba7d55a15544cddd29d635c6e6ee7ebc370b

SHA256
7f3c8201810f034db095e09eb5087dbb954e409686564ef4392813fc59e1d5bc

SHA512
47d650a200dc0a7f2cbedb15e94021ba51ccc25fc6cfae55c1de5f2d1ef5491036724eb086ee8d2afc16ad06dd6468d38f3d39c44854da92523b3c3b4aa07516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
51KB

MD5
86463bff22a5d24bc090675fb5230696

SHA1
1c0b566510cda6b0581c9a8899baf929cfb1425f

SHA256
0e083ba08085711266e22cf56d9f170ba8e9eeb9272f6b6b661e34bb3d36a07b

SHA512
494a5595c4025669045a8732be087ff5500e2c7d84740099c53c03c9591416717b4332f4fac1e40a89f05ce63c30529b51acf7e5a1e12d38932ca4110a655c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
134KB

MD5
653767b1dd9a26fd5c73ad244798ce6d

SHA1
9fe606895e429e1d623acc738526c5ac4c2b8ec6

SHA256
ffafcf5c23b35c3c8e09f7b29838b2d7e166b66ad10f8273097e18fbf047d5e9

SHA512
cfe0565633112d6de2e25058ec7d2cd7d4e21b43196ab40b00625f4ca8bbaeca82ad074c22cc1e851536c53fce09ba94bf17eb69f1a9ed8d1179733ccd0b3130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
63KB

MD5
8edb759bfdcc3114a4f8216e1c7dd5c4

SHA1
fe4b43eca82cd5fa5be69767e5d79406d83aeb41

SHA256
49ffb76589c1ad70745710486e8b35f7ee9c5f28d391ba699de71b6ea49d4ef7

SHA512
261727f576e806a3b4001c8b1d75d2cfcb8be9b0d3e5acdd3e3aa9e959eb068d9c9749f058dea2390586c130722ee622dededebdfffe70fa375c0fdff0754f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
54KB

MD5
41eee2e7afedc56778c8308b3abad092

SHA1
c7760781920d1c0f6e79f16600988a188cb82386

SHA256
8ab335de1e04f5f362122c124a4abc5c47b104807cd7f69561773526d3fb1899

SHA512
9f3dd11ddf9cde09ce8dd92deca5580545be51f77b45234460dc333d4af0ab700dd0615ee9039a5a3785f1492753df28865eb77c63c919941773bfbb7478e972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\187e19698d7c80fa_0
Filesize
52KB

MD5
80a6e4d7d87144b36f1cb3a912db3a9a

SHA1
4b26bc655916d3696294d127aa3189d093a516a3

SHA256
f79c144cd76e9f2f8b143aa63a4d1d20186ba81938cdb32348239a1dd6635ff9

SHA512
8938bb84235dfb9c9c31a8895a00eacfaab1a15d6b75d9b56f3935cf2852d85b2a3c293468f32502f2fbc96e318e9e15d570e5274b15445fc17a2b1dfb6dd7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\463fbd108cdb08ed_0
Filesize
3KB

MD5
405073e2181fefbc86be6d8882642302

SHA1
2fc5d446d54c5655166939db0bb20cc34275dd6b

SHA256
a63f6f1d7601a25bbf388c04d869ea3af7b0602d4eff882860a4d16084d6b1a3

SHA512
151d0786e5093ec43a6ed7b9553cb67875a3da869a625e974904e4976cc1553d95f255f904daef80598f411da3d55cad39ebed23479bfd235767253f234a0f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\57bfe59f310cf2c5_0
Filesize
297B

MD5
353191c48bf87af0f546fb556bc5600f

SHA1
e3c5c4b309785de8d5fee7fc1f04ebfa50b2c5ae

SHA256
b66065a071cedae4d4890e32c4f1f6f758b773dbe29ee6c4f1cf28d3bb498368

SHA512
3360b81f45cd128cf0c8049e9beee5dad9c2d2a6d83314477466e986effa26426c5476ef312b7a66fbbdfbcb748ee356c74a263ac4c5bdbc710a16fedd1abd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7b0976f1fc3da481_0
Filesize
32KB

MD5
ca5ea92f246f5e55a23bc6362697dd5f

SHA1
5e5194a8bcb1888c3224b7db03bd1f39c2081273

SHA256
2c1ecc4eb27eb2eb6930853bebf2e19a2a98f4996070ccdf6f5eb52756a57664

SHA512
e6fcadb661adc1fd277e97ef012b126bdc32089b41572278a9fb997dcce845ca83ef1bc7fb6888281d63325d4c6fff39e6be9d06fb3aaba77314adbb7057c7ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7c05a75a5587a7b3_0
Filesize
321B

MD5
96796f2b30439e5d794132c2bfa5e8e1

SHA1
44f9b096a0df108e86ee8481ae95d70f1518650f

SHA256
16be2ab29a8ee20abc099038e565a966f98950b373586237f8caf70f9a7f675f

SHA512
750b9ed3fb210c495d1e99d7cfbdc7169a103382224cde6975a9a35ebeed94cfa34049c2eaf3cf3deaf6652baa8cffe72409007937dcb2c091d13075b30f2f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0d916f88c975803_0
Filesize
3KB

MD5
2a2fb580b10213cae7416eabefb9ad2a

SHA1
bc6e44ddff7aafdec9df8572fc5ca02f8e5b01d6

SHA256
408861cf15d0603da6386495dbe5e75dcc2f9393e1439751fca63fb00565963e

SHA512
7b7a27dd803ed38baf9c96dba37c23d34dcc9b818211bf377772397ff05e08d61c0732e7405d3b2996064bb6dc4a763304a272e48ece4c0f7b3f6bcf47fc1b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e87cb5efbd2f4b35_0
Filesize
39KB

MD5
e282ba4d85bbc7395503c1576eb9a71f

SHA1
73f9b80e2c997dcaeb8e77c1462d5dd3b86c4270

SHA256
972b9b1434e29e00844c966f3ea7aa381b66f9d6a4f1759a010a3e9b4c41637b

SHA512
2f0ba10cef6d85d055a881ff822b7460e5c0953d8edc26ed8fee14d7977f07bb2c1052c6c794ae103342c85c1bf2a7656f14c04f1c39f19a1c97c6f3195cf22d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eeca42db30eaa8fe_0
Filesize
292B

MD5
3ea1ae486a927a2b9184dc2f6cdc29a4

SHA1
f631e771e97ed1368e93cb982be687e8dc58be8c

SHA256
7921d9d79dcaa0b9748f6b9cd95265a2f0e353db2e1ca1b822fa62811e3b44af

SHA512
d0e019eb92c5ce22bf45c1b9e6fcfdd49b06830929b694182a4af655dc4cfcb0e12e5f83cee538402f6f638d8e364ba7a19e54a9f29302aea1a841fd01208046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
5d14dd52493f7cbf834ed596947ec194

SHA1
d724c071654c14a85f30c94b8e299d021c550906

SHA256
ab60bae9827cfee9f2f0d10317f7176345a4162e66e2fe10726ea0a1b6a84882

SHA512
5e9ecbe09249c2fbea2878f8cad65a5ad362dd753eb698f1cbd9da3ece742607c05c76ebd89c298e452fae4ab37ffd4602f88519e83d2c683735a915911e5b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
8b9d4e22108b30f7888c393559c3859f

SHA1
255b51bb5ded504688cc2d65d170c1c8f412034f

SHA256
0e1ae385b3cc00ced5910dfc23c787a32fad9c8fc67a1e7d8f34a7be8715107e

SHA512
d8ebd412d98ab8d18608bc50b5fcd663f6e69b7046b461e277502b1d7e22821c9ae51a78d612a8b1165bd53d238393fa53db7a55bbb5e74c6cf319a681ca9a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
7c20c4fc78f55b98eeadd8df779777a9

SHA1
f87f59bcc17e3fa337703f971e3b4022147bdab0

SHA256
44392030bcbbd3cc94892b732eaf3760d460b302399e230ebf1876755e4a48a9

SHA512
842823c89a08ddb061aaa46810de63aa2742da1061afdb174c8c132551d653935bbee40302e7a64445f0cb0a3d99f271e9808a97b741dcc0d3ee47c5708a2c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
14f65bc2273218e0d9f0b3f74459260e

SHA1
fc39a6f5aea490485b7e8e59fe0ceb477c5f21fa

SHA256
9ce385ad8e9d603e1384e4f2c8e1f7047d89f12d57443828cc82e27ca5934cfd

SHA512
8de59e9b15f0d6bbaf374d6c97e045680cd0ad3faa0335152d91721119ff34e034ddacb6ea51f556663fcfef05f9057583a645b668c98f0086037abbcdba2254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
22816009f980b9acf438a40f86f659da

SHA1
d035e9d5485f949ccb5268c7dc6a47cd041a730a

SHA256
5adc62f4e6b87f4f623a9a50991c1ca94f01c1483389c02ef29b18a914f91b3b

SHA512
b3a165e340f1e7aebbecd6bfbb18433ca4c8577431b62fd3f2bab4a8156c7401737df6c4156da486218d843006a801f8e120521d263e227dfc710bf771ee8e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7c03a1034a16c424ee5abbc47b75fdcb

SHA1
a4bc8de5e0bde4f72582490a4e581c8f47bc4aaa

SHA256
baf90188d6ec24169c984cdd74eafdea72e8d028af7c903e084963947bbcb915

SHA512
0441e0e57b34640cd077b4ca9159ea2132275e34802e8a62a00e02b9f278edbbedbee06da554bbaa3106b4dd7b903ba062f6c8277f3381b26de29c07f36286ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5fa0ba8bf6b402fc377fdd55a0ab2665

SHA1
1044afe7748e5b039d258e8fce33c722f2aac593

SHA256
8509db9a8797d14887612e9ba3b0e6d0f77c63d2aca7189c4a488903022f6d22

SHA512
8272eba2fa2d6406d9b57b366583d0685df3fc4840f89ec1dbf2a0e6db70697a1f9268a2fd0aa9226f304e05adcba02a3c24802965212d9e97ef3b55ae66886b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4775935aeed11a1c99f641e1aa975527

SHA1
65c0bc6221b70e0d440a7e35865987e2f1a9062b

SHA256
8e378782bcfea9f632c9c7ab8deeb6d00c666d93c03cc32659d016ec6148f98d

SHA512
107322d7b2d9629003d90ec4a724186a784c1bde2bd3b779339080e3a4e7ba64aca1d24a5e1327f9f8f0f4e3abd082a2198cc93fb70237a384457a8f9f992990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
b92e9ccd1c2f1d72e281b26bb1ddbc69

SHA1
6b3c1874e879a9aea144b32f2ab0a89752e62500

SHA256
efd0530047d152cc39df7121049d1b33dfdb919bcf54ab888c0205e162e8c96a

SHA512
495cd361ac76cd6f97f301aa1991efc64fe8581a32f127180e77cfc8dea7766bd9c4a57282629a9ff284cc0a7197a37066a1ca8ec531221651154904fcbd4856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
56f796d0d5245f010e40ecebcea4c812

SHA1
b26d7f86741094d3cd7fdf4b9cdf2615f2581cb1

SHA256
69857d736d785a34b8f55e0b946f487b4f2e31b8972d92d5b5c2b62cb90bdb6a

SHA512
2892efe52d5718db834aa7daec989d55a8b46ff3d6325528fb727e6d0048910f5928cdaa31a93fc084a2f17233847b6b0ce2f8aab7c13f00b8c2950d7c4568df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b0a324a757404478910f1ed21bf6427f

SHA1
ceff7684c27dd54368775d75f524719118df998c

SHA256
0593ec1da91da0e6fc3564515b9b07ae7721584b702a7b2755be4b09fad72813

SHA512
7c737c4bbc37eacb97a0402956eabb17a1f6baf379d30c012dbac95a9bb0ad0c72a7f875ad46ec1c22ecd88e8b1a447ecd4caae15faf7b8b7ca0e047ec2cbfcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
115KB

MD5
5e98863bfe7a84da601e8a9eb9fb0438

SHA1
7b85173d7c784b4a0c1c4cf1eed39d9af7aab635

SHA256
1c1b4d2cdaf39e06fdbfcbf3ab2056a2222ac9cdcd163a4cb4ef129f3e6af58b

SHA512
c8de2d628fadc7a821e63abdea3096026a61c9a42379dc24c43171e5509f6263f125e7d3a3680a2fe58bd116b9d5bbd0fd47ed3c7194b3eac5df05b425870d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
115KB

MD5
d9d2d3137f2e9a9a8fe43db9df8aa13d

SHA1
fa38bc6ff2a9ca59a2a45a832dedb193edff5d9f

SHA256
ec167efc36c4e076ef69a2e8693db1b4ac5d641d67d6f2f11a9e4d7322d9c9e3

SHA512
a92b86d2940223cb775cc4fb7fc6c5ef8d80f9fa9940a965c39a1a840c0c8d81c2a0f23c745ba97dab543963d5cf219efc0c182be28d1ff22489d004161290b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1768_YYETXXBNYFPYIMXB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit