hxxps://url7923[.]marsello[.]io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui5BHee-2Bby0YRRAI-2Brwc66UM-3DUCBe_LVcTQob8ek-2FwkmhbM9rsNXjWPIVnmISQUGdwlgvvzvyRjKmtmuo4Rymg2fxyXe-2BlTUhbK-2FBV47cOAcmE02mwni65ZwKfiCT5zWs1coWSkSE-2BFZI-2FMh3n26-2B87M-2Fa8Jf-2ByuSQrNK7W0EJcMC5f5HfLuJ5MmjUJ-2B66yL3uEBjkrRxqTH7yiMAYd-2BWDcm6FRmOscAPSOAnu0ul4hqnv6-2BQ0L57ihgFxeO3abXDdDnMb7gD4fnrGdvF0PIxo1N6O1Grw0Ic63bS7DzIBDhR45A1W7ezOzOrI0A-2B7ira2vL1jPtSVSKPh0Xik-2Fdd-2FaDodgxV6#tvictim@victim[.]org

Analysis

max time kernel
149s
max time network
149s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12/01/2024, 01:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui5BHee-2Bby0YRRAI-2Brwc66UM-3DUCBe_LVcTQob8ek-2FwkmhbM9rsNXjWPIVnmISQUGdwlgvvzvyRjKmtmuo4Rymg2fxyXe-2BlTUhbK-2FBV47cOAcmE02mwni65ZwKfiCT5zWs1coWSkSE-2BFZI-2FMh3n26-2B87M-2Fa8Jf-2ByuSQrNK7W0EJcMC5f5HfLuJ5MmjUJ-2B66yL3uEBjkrRxqTH7yiMAYd-2BWDcm6FRmOscAPSOAnu0ul4hqnv6-2BQ0L57ihgFxeO3abXDdDnMb7gD4fnrGdvF0PIxo1N6O1Grw0Ic63bS7DzIBDhR45A1W7ezOzOrI0A-2B7ira2vL1jPtSVSKPh0Xik-2Fdd-2FaDodgxV6#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133494951970837574"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3084	chrome.exe
3084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 4492	3304	chrome.exe	73
PID 3304 wrote to memory of 4492	3304	chrome.exe	73
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 4440	3304	chrome.exe	79
PID 3304 wrote to memory of 500	3304	chrome.exe	75
PID 3304 wrote to memory of 500	3304	chrome.exe	75
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78
PID 3304 wrote to memory of 4824	3304	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui5BHee-2Bby0YRRAI-2Brwc66UM-3DUCBe_LVcTQob8ek-2FwkmhbM9rsNXjWPIVnmISQUGdwlgvvzvyRjKmtmuo4Rymg2fxyXe-2BlTUhbK-2FBV47cOAcmE02mwni65ZwKfiCT5zWs1coWSkSE-2BFZI-2FMh3n26-2B87M-2Fa8Jf-2ByuSQrNK7W0EJcMC5f5HfLuJ5MmjUJ-2B66yL3uEBjkrRxqTH7yiMAYd-2BWDcm6FRmOscAPSOAnu0ul4hqnv6-2BQ0L57ihgFxeO3abXDdDnMb7gD4fnrGdvF0PIxo1N6O1Grw0Ic63bS7DzIBDhR45A1W7ezOzOrI0A-2B7ira2vL1jPtSVSKPh0Xik-2Fdd-2FaDodgxV6#[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb13179758,0x7ffb13179768,0x7ffb13179778
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:8
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2808 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2800 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4644 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4956 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5304 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5668 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5172 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6068 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1492 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3096 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4940 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6060 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 --field-trial-handle=1820,i,6882594165273253104,17066974956406738040,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
64b96aeb789be46b0d23a62e29749f8e

SHA1
16edd051543fa779892c21d1c93ad30ef690f8a8

SHA256
2b944764f2ac55eb135b7db2a8edc2e82e2b91f60c8579576a9d65cc2dae8183

SHA512
52a36d756a6d22a3adfe6f1e159c74053779d7def43742b9bbf5625d68b43a16442741fd50be66f16ea7897468d128e268eeacdc11ff6bfdaf7c653bcb59189d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
81ae00ecf4854f820fa02066a22fe79b

SHA1
fc0e50435ef89f82bd066d06a39584351494e71a

SHA256
a5b31210d24e61f15a80b92e0c1e03257d609907bf91199b2f33d1306d3fc2c4

SHA512
b9cdba50d1976f52f7c0523d6e331ad388aaa9e5acd90a1abb0518950ed16d4baf639cdd527cedcd2d29f5a85e1b541ed759c0b0037eae27776869c24c1e502b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
51671fd26e26b5af9ac7a878b68f54e4

SHA1
0f2670a4b057e71e12d97d11bf30a21c928699a8

SHA256
ba0c7320b462079eef15abf03c51beddb966954e03300b3682427f0720ef1f0b

SHA512
4074a912352aa694abc117aabd0d126c44418802b789fcf251ee9f0446ae71b497535789fb0f74e79fcac15e256a42a358fab48acb0eb3bf932c67cfdb50de0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bfb390ab445057b4ac328d1734192be0

SHA1
923b08166d2548927670b880fbeb0ad2b313a356

SHA256
168ba42167aa42f935141132e81d5da9e96942ca76b86459a71be53cd2673c5f

SHA512
c3396ac53037cd5efebba2badfdef4ad36cae0335300d2da35bba50fecab923087f30221ddd66c281c0544687f809e92c793de9ba4a008bd74d4685a34e99735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4f42cb6f5711ba69ed469b21ef9006ca

SHA1
8a4130824cd11b90b64824deaab875e1cfe2843e

SHA256
f25bbe833fe234242e28c89b23a4b74b695fc9b408e4314577e083dec7d85e6e

SHA512
f21cfa3d50311a0f688b06d70c1c3f2355eb878af488ea88d65ed77efdfe2dc7147b6fbc58c36c43b9229073d9995e5c83d6e9885b1b2ece4f2253cb7069dc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a6efff5f7e915a7f810a4aeffebb9c6c

SHA1
d8664a747bfa94f9f1d27012f72bfce749a79110

SHA256
63ad7304796410563f68c06790b5a3d4111f544e254bdd9ada49d87cfda36d35

SHA512
3dcea6df093e9314949ec732d9cd9c76ae613e064d2dcd07c19b4b1f3ebdab3f3f7142fa4c885ceeea92598c49f613847536aac1c0752e689e18a3698938af89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
f7dc4d27d0b002813dc2ea33089e59bf

SHA1
ce028de700382dc0a490e0522fcd7b0032597fed

SHA256
c9a4dd4ff87f50fc4404312a6a6eabfe3802d87ad57109d65755d31dd4ab7131

SHA512
6bdce238d8929e8dac05785e7d17c765e0efbac8ffdb6f898e8529b44bec01a109d0f076acdb9cb3692ada802e4d13d58069a5d32536365632f21d576eed9d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
dc89c295edd82336be07b7c6f2bcaa86

SHA1
29f7ff5f696599cee992d6798d6e6a28abcb89e5

SHA256
83f460962a6bde24a3cbddb0d8799a6ec9eeb254f5c21e678de95ea3936ff4d0

SHA512
d513a8f0d86a685e1a20be6fb0078a134aeb764357a012ca5843c3d33a230e3fed8781b188809cd41aab17383ae021b33e242d0b1567b2876a1d643b6bd90ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
ef5a8a55ebd6bb61be3dc5ec182d9c81

SHA1
6716c4df15ebc58820e0e2afcdf1951ca7737409

SHA256
6e0c028546c4f5d17f31dda0c216a8431fca6e92e392ec2eb8104a066e089911

SHA512
90d99a8bf64408c96dcaa30c00b25c323c80775e8a6a6bcae90aa537e81a5f752b691298f5a07abfce803575ad18434f294f4ff5e73dfa92423e8e63d1627433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d793a1543ef642f82e8828dc1db8b31

SHA1
2f0fd5c7fdcd7816dac5ae57de123456d5a3169b

SHA256
5f9026530652a815e51cf183dad753a85c00cb0680d1f1559c17ca3c79af19a6

SHA512
a8d2169e00259e354e26320c2ae91e6eb8cd72352f1f86c84620df0c41fcc254b5633a7afcdb58804986c951d51b492713f0417b1fcd9f11ccdad5aa1942ca16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c34f73c56895f5a9854482eb2ec63f57

SHA1
204ca092c299c1bfbd3d4a9240b73648d0c6ae45

SHA256
ef35a2f382c7801d1bbd79a47e602fe0ba563bdf8df63c66a8b3c6fadd9c8385

SHA512
ff15caad2db2fc1fe0c9f10e17d0ac343edd2acf72096baf4cb107535b5c818f904a64852042eb26873a6629819356a051d0927f219a8bf64f8d84fea47a30bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f4eef96047c1718744ebaa582a1cf5fa

SHA1
ab334472fd3d421d7f960493c3de23de4d335edf

SHA256
619b64bec29758476875844a6a4ee20caaf9f2ca24664efe839d1ee3845d01fc

SHA512
4555ece4a009dbb8723ec8bfcfe4cb5d38236c0eb00799abf898479bddcf49f63088464e48c528c472bbd866eed310fefaaaadf5f61e44a2be16c0127feef181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
47ce3826f59dbd222bc73860084c1591

SHA1
d22db45329a5d2bbc9880c2e14b17c258015ea1d

SHA256
025be78fe8ff6fdd44b7587912e923aed0316740fa10168cd810439725ea5076

SHA512
5b86f50def60d98271f02cc2883206bd325f6da76f3ebd35b152c4eab096ceeeae9e2a3e8d50ffbd02684f7c89a8cbb438674698d5d2dfdcafbcacc36dd1cadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e3e8bc29426a19aaf4c4d8ca5283f4f

SHA1
bcfd92be32e4863a03286badbf9f960d5fcec4db

SHA256
aec1ab354eea13c1152d4dba5518126e08e6b2d35ccb2909620fbd0a3af6ddc3

SHA512
6d3e5c16cb71e1da2c1c7da66969649eb695d9c3553c4ba76ca7604bcdebe97d3a29e1e787ef43f60e023f0cd1b8664374c396aead7b627cd867f4479cae71b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07d3d28fea895b7e3f3224be1a91358c

SHA1
165033d9456a0b0ecf1956c40e0451b3aba014aa

SHA256
7ebd5b8b2dc8d6cbc820a5d07dc90b07a162192172e8025b8391b452a3264642

SHA512
1e25843dac506d1d7e41cfba4f7bf6c0ae7407977089cfbd25d7dd3f20292284ef0920c717aef5e3c71e726eae6fc42dae9a875aee6c012a42722aaea4a02138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
83c198dd8d10812a91d48779196d1b02

SHA1
68d0a34060c440b44fc1a6cfcc35fa0a450a1ca1

SHA256
9a9d7529c4f7639885c31ff3a9e91813b62070032d79c12be576e211773bfb8a

SHA512
ee5fc375010ab0b2c8164688b70c73a267d67a65523d1ebb00a157e3cb5614dbffeb93808ed35a84874d37042f9f6f7f24f42ec1ee8fb57d8f4098d3935912fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
698c736135d5264dc13f118f3667cf43

SHA1
93c8b6f320c10a0449d83d69fee75b29e6a3e4a3

SHA256
182651244dd46f8773d57e7493a6833c386efb1bfca8e16c8163d61c0c9ab051

SHA512
6e2342b89a60656d905b36a3d1e00b91220c8538e4ff28a04ce9c8cda6c8c470f514869b3dc1bbd93101d42b8e640e2c97143823ac29849397c8cc075d72d618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit