hxxp://backend[.]production[.]naiz[.]fit

Analysis

max time kernel
269s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 09:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://backend.production.naiz.fit

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489219672538961"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 2540	3932	chrome.exe	89
PID 3932 wrote to memory of 2540	3932	chrome.exe	89
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 3948	3932	chrome.exe	92
PID 3932 wrote to memory of 2364	3932	chrome.exe	93
PID 3932 wrote to memory of 2364	3932	chrome.exe	93
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94
PID 3932 wrote to memory of 3944	3932	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://backend.production.naiz.fit
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffc09029758,0x7ffc09029768,0x7ffc09029778
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5280 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3240 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5260 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2388 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1072 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5384 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3280 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5560 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3628 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1012 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3384 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1616 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3288 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4948 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5528 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=748 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5104 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3208 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1608 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5688 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5876 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5324 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6164 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3680 --field-trial-handle=1868,i,2595348890170495200,14575028589794858188,131072 /prefetch:1
  2⤵
  PID:768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
58KB

MD5
2aee3fc3e364b70ef4c4749750f9c944

SHA1
0bc85cc0e2db959c4906a0b835a31e94460dcec9

SHA256
abc79a21a760ad74f4bccf506bf55a96c1b9cd8909e715c256db19da448f398e

SHA512
e8bd7188a5542012b50f57270d8360368108aefad80a5addba95fec149d01e1bf19751267559c5ce25e0aa5af5ad3a99e59de2786bf62f6778527dbc0c72c8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d4a2705396ee6aed6b583aa3b27b5ca9

SHA1
53bfde638423ad2fae75e98b677336ab0771bc68

SHA256
f5dd69b7b88cbfb9c0d6ea761cd7670184d2a2940bfae807c1a600bfaeaa0970

SHA512
e0e5dcbcd3fe5ee2df2bb95cd7c18084b129a4e1af9e5f518a17d497b4364f974f3695abfc9b7dc6d8c25ea447c9ee1362b3ac14b341eeef81e388484012bf66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b2028edc377b7c41e21607c6e698e71b

SHA1
bd4b6eca56197545b879866d443df30c502e1848

SHA256
cc5e27abe0df6b0d4fccb04e71c393ed93903dc2341f7e659a50bff030fc3bfe

SHA512
ae03b9afbbb820fef9973d49b862caa9d5f2d789c4c7b753fcff3153076bf3436398d907314922544da5a2041f184b882d9ae9923390f08ee0b87d679ec45e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a453f0a02e704a16136a76e693cdc7cb

SHA1
8ee74facffc274cd5c481d25d68dd1dcb3d7a00b

SHA256
64f0a981627423abfec7ef94419d58e86ca782a8d90d1ed890ab44d523bbdd4b

SHA512
e18d0e04e4df07142fe7f2aa4e94f29108da3f630ca126d924568efdfd33dc1a5b24321b21dcdc8fda8c62f6b5493c6945f327edb5c1eea055aa1189d9ed4909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a0d2049778ddb35a1e36ec9d2dc5f4b7

SHA1
f3b81dc9e82fbfb7c4bfdf3e832c85063be0e229

SHA256
208486c8ffd85f387b9ef9ff5bed2de4af02573dfe7d1ccab88eccbc755e5bfc

SHA512
50ec9815702babe5edaa4c3de7c1600e884ff69bc0bc41957771a86c00e3af1f4be2c6ff82df372236d3f8888df8ccf96b00cddf08131a26ce9cf32abc069746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5b6081f554a8f7856b0b5bf59ee7b068

SHA1
1b5f3d60bf10059e3498c7007a439ebf5a1b840c

SHA256
99385c5ba4de7e61d9b5fb83f32f9bb32b4fe012005bcde59a5289fc71c1b796

SHA512
945ad0ae64df8eaf1152527f9a76c1fbbd2fbdecaeb1fdadc18d9763c37368490090cc69adc6e1e44281b88734a7729d633104b656b8184fd280e4f7e2292c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c411d0d1f41cd4098da985b4c370c9e8

SHA1
c38eb4b282498911241ed2470bc4241d6db2075b

SHA256
022213a5eb90ea0e40941950f0c47b537fb5b5c518adc79394e2a9c689f2daad

SHA512
394c86b5d362f8a32ebe9c02cc48132f7b791ef3ca6a61e55e771bda84f63860b7bccec6a205ffea538719ecbeabb5a7eab9183d57d0e13ab2db2041d9dc3ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
31563af905edde9f68b8eee4a374f5ff

SHA1
ea853939e211033588f50198f1d8f776c2f9be2c

SHA256
bd66d5b9f204a4c3789fc07ac24569c84e1d46fe578c3cccf086b14e65e73044

SHA512
0ea9ca4cafdd6dd288254ac56c1df3134fd66b2d93741130d741e1175fe8a2a087af33f7fc8ef9080ddc621ee1acaab1868770d56cf21bc9478baccf0801463e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
10e989379f7df8386a5a797e26a50d70

SHA1
072145dc2a1b024cdc2472a9514a4a67dda86ee8

SHA256
1ea7e05283409b73a6717572484c852c104461af8cf9ba2965a35fb176e2a75b

SHA512
4be7e12e6763fa6ba276923e0b0be14d20e1267af4f1c74500b60e4f858481c8e039df5cd6e1a1e3cfddeff3f533f92dfd45b8f98795ec99508d329a1ad8772b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
20bfbf9858b4d9a346f2604fd36bd0da

SHA1
f15e8670003b7fd6774e0b1a89d11dc0fb79f4ba

SHA256
e9b8a99c8d27ac7a270b3f43005e1f6d690288f0a998fa59053f3dbd4f4f8a70

SHA512
b5e9e454c5588fa2973b6b336ea95ac89bc33a7f3516e4138d2abeacbb082c860e9c8c9ee6e8a4f911dc887b0d9466dffccd379ec3d117a90fbcfe31e41f861c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d5dab9fdaef42ac291ac797f31e3c198

SHA1
8b1b6ecae2d931dea01673d8917cd155965da957

SHA256
0492f5e6c543a753cfcda3ccaab89d6cc9973f91280830612944fc8ef116fcd1

SHA512
479932b97301dd2006fb544f3486b37d38cef236fc19cdaa8f132ff609aa1ef5e4dc2e52bda263a9926244a38ad2dc8dc05f724769a56dd12d62b3c7cd83ffa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
69a21eac484bdc7144737740e28c255f

SHA1
d16213ebe6a1c7c6ae1b0ec9722ee042ffd0fbd6

SHA256
590ee81fc4c4b2a158de74d9986272b35f92bf4fc71c1c1fdfcb349867160027

SHA512
a30dd6589ab388934b84f2263a1335b02a4dd33f3a1d961ae613fe5dc8c457037aff4f1db808ba000d91a8a3035eae995dd988006371a78d93f6815eb40e9c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48ad6bc608f3f7c48a762d5f6c840259

SHA1
4a155dac8261fb0591517461e1586dc9d5e8d169

SHA256
edba63d4ceffb0351ac7860e153d8191baa823fde106b0ef33d76d5683d08504

SHA512
2179768a12002af0394a5b3e647a2a460f22a2fc5b33ebc410456b679934cb8744d33ded61cf9a5910f62b32e0259c737ab6b709499f9c6f9f32c7cc2bfe7809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0760d6a9714e4cfe3aad236dbc6a4be6

SHA1
9f51d7304c8193641773dfae8cef5e71eb9cef38

SHA256
1a5ea755149a25a0fa8d1bb6209f71608d03547a96f90606200d8b861e30310a

SHA512
f4dfd17f14a7ed19e109dc1eef8170cc88399507908ba0f0a45760bc3237e52402c07d8e76878b3bd4d3385ad659ec9e11a6181019535b455fd81d102e2cce3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac75a9e322771d886bd82aad3f5fd514

SHA1
1e062459f71a990818cb4644179fa3a3b16fbbfb

SHA256
e6934fb5858589455a2898da08c2f8020e0c6039921dcb7a91115aa6564b59ae

SHA512
fec0fdb61857c39fec8b09dff462141da09d129b18cb5f0d844cd66537eddd126ab4ff3a267444127d5d8aa0fa1155f6b003f6534319a0e25cc8a779392b389e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd2a9414c3088784f2575bc9c67a544c

SHA1
a31dfd69003eeb0e13287141dc5046ba96ecb8da

SHA256
c6641241c2cfbb25bbaed5056e0652acc4ec66cc7813b8d2ecdb271c57e51f4a

SHA512
d7f3651ad74cb9299160f65d0c7e75448926ecb4f5463afe09066270f15b6a0a9a8b7e1cc6e6c128e8c67179fedded0842dec3f02e6c53a3fb74366a49d4de98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5a295604e126ff42b874a4ee4fd5be71

SHA1
055a386ebb9d8309d3e5a0b7f99125c8f62a07db

SHA256
6bda235445a47fcf8ae31484510df50a113e316887a20fac1c1a2f1719dead82

SHA512
edfaa4d51f564707fbf09478ffff40eb06c84b9a90761e790a5cc05ed318812813a347bd4e01aa0fdee0a16fa58602390026a1d2d0592325f0f901400b0bdb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d420f1d5a11da5a2401b94520bf561b

SHA1
c4e308931fc965507f3c93caea560d677109a5b4

SHA256
1cae5721ebbe304b18c4a7f725b483cee7e1c04b0f1ebc073f5f41b24a79b991

SHA512
2b1893d524fef7e24615b32d6e13cbe6f3bde60c0bad99759c52512bb143b20fb3525e9dbb957f14d86506fb3971a933ff4b704035d9dec23e5536e2fbe9f28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
55f3824cb6a3bc23da135d307bc63b16

SHA1
690b724f76beffd9bdd1dca29bbdd78bb5ccbf7d

SHA256
2aab53e221ad4f250d0d9c26d520abc1a10823a9b24ae76df8162b70accff965

SHA512
744b5831c3b8b00d60f8569677ee97839830c3bc0dd863c7f84752d12f37e0aa0762773a01d7154eaaff920f75e7908cb0fe155ddfd8fc1baa8bf2b4dddaeb35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
96588a71cc7a76788a9b7a570e992a9c

SHA1
92b16d956b4030daadff8c1d00ae45376501f212

SHA256
f7a6608a24fe2ffca03dade739d803aae67040006e4b07171a1e0f30405ab176

SHA512
ff5d3f42ebe19bb9c41a8fcb6722c69be3448663d5716287d2598d2f4d1850b34136aade3309560764311470d50839b653bcd5fa3ade55c513703b6e6b533c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
7d30f1c51b3c492bb2389a8e358c95c3

SHA1
a01d04727dc8dcfcadb9d1349ccf7bc9c098213c

SHA256
a7ea952cdc6dfaa7a496d1dab0bdd130787bd390977a30a953c6384849c0f6fe

SHA512
676b5439a434cf3db5b3617bd0f3d078dfea862d03288f46e8b4e2139965cbf1a1603b33fc2a69e87dd7bc761c48c17cda4f2c562f58430e99abb5b1a00d7ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
3d8ad6e506566e75115d88fc0ff2deaa

SHA1
bc02ce8293f96855d35a33b7623481a3a3026f86

SHA256
507220911406470fd8f5cffb35844659d205b69b6147d3170ad519d2947fab6c

SHA512
870d8ffeda718b43f829e4314e8377114c32524266d6779af71d9ee1901992f59936311d153cbb82fb48685dcb1ffe7949835c9b3368bd64cc05c0a1c16384fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
f0b85350f521fe00ec03659ec438e467

SHA1
8333d176af8c81056355b4c339e67b76ba8ea2ec

SHA256
27311c2d7ec0f37b89d0e4f17ed7fbe863622d7268e4ace4fead6e6792789ab1

SHA512
6da43f91e4ba855567f6f2a7009084851dcf58f78aab6e967634475a7e1d0b7677ef0a2406afd55d9464a278848ef5762c6b2755b8ee4ac08af4637ed6bc92b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ade2c.TMP

Filesize
103KB

MD5
da27cf75309948972e8d8bb10784d06b

SHA1
296aecd38d6c2770e32bff503087e070f22024d7

SHA256
a9fc12f0860168f7fc84d36d73039bb53250a5551e025c23644ec8b350a468b5

SHA512
7ad45f72b3457de4c778fc59ada5acafb9288af4b290c7897aaa0c491558971ddd7274dddeda2061b950ab3cc0f1e47be1910f8671615d2fe24f09ca8ccd38e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit