kinsing | hxxp://66[.]153[.]151[.]175[:]10011

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://66.153.151.175:10011

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506732859451716"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

780 chrome.exe
780 chrome.exe
3404 chrome.exe
3404 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 780 wrote to memory of 5016	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 5016	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 532	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 3216	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 3216	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe
PID 780 wrote to memory of 2732	780	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://66.153.151.175:10011
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c959758,0x7ff90c959768,0x7ff90c959778
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:2
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4688 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3268 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5456 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6100 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5280 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5668 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3928 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4960 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4616 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1700 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5992 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6052 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1896 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:8
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5400 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5420 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5592 --field-trial-handle=1912,i,4452774746686643667,15287797243692327730,131072 /prefetch:1
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
7f061157033c09b64460cd5eb5a18261

SHA1
5d7e2d45eebc42d3c4d80f0f2a0e7818680b128e

SHA256
43bd155f5d4471c3d4483b60eddc3659a2d7d44fa23da5bf28143b3fdc622cf2

SHA512
222b7c2a476b31eb936473f035b587f4f45edcbab7c2907caaab733b7d8aa8efe038b4ba2e13ee75d866d5ed2346bd78679a5fa933a287f2664ab55abddb060f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
3d738a0e530085ec06c10f89ae7981fc

SHA1
bc886bc6bf8689431d136c43c25485237954070d

SHA256
95aa79218abf4c63f214d44679dc530a7a3dca2bc6306cf2816ab62d119d9183

SHA512
a9e778429615ec1dcfc6cbaf84b06fd614a5dbaa7eab7218b295ac6c0e46aeffe5c76aea90c75fb6f6e37dff54be5f1a8dd1d471d0ef594a79c5caa7154866e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
e5d8dd4e4a4a20f1f4616d373b0d0f14

SHA1
34426cf101f788796cc000a5d87ad3286df965c9

SHA256
6fd028176c91290d3375c6a38ddb89672e7c7d929258b92494fb9b66d4d6c8e7

SHA512
a05a6078226b852b9f99fda07a9af9ac93a40f36655d7546ede0e9902768255e8714b009316768f53fdc9ef07fd173b613e91bd2855e1341fa51d06d0a1712cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
5796c590c5743a00de03682c95b2d33d

SHA1
9cb70422b9f7aeb5e35f237184703aab7a9c462f

SHA256
5583fa3d7e8f4061fb3339b720babf46b10d604c1b288d8a74ac599eb8e2a466

SHA512
6637896731a54754b1413b7c217a78a376357813d2e7f1c23d0c96bfa7c48b1b9788f7c786caa25a2a0d9851ee105cee172743662dbfa0325e0a32f323fc3c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
645a9f26104875a1219c71c0eb0a4949

SHA1
a8fe0db27fd7e127697791f67209deeaa391f7e7

SHA256
a29b4dc12978520e26e99cddc2dabb5504ce03f2b51125057262ec1ce9703592

SHA512
bb12a2eceba2d7698d309554eb02fa999e854c57699512db8569c4030d5b7240546d0199c82325d05ad137c178d4ba37587bb97f26b877816b221b50d58b4fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f79182adf46019cefdba3c3809f26346

SHA1
8777374b014fe524f921d3e090fc1e3f10adb589

SHA256
16de524e394ebef3789d0d91dd5c746d024d8ca921ff1245035b15786aa5e90d

SHA512
ddb30720a188eac35f2a5dc729a24cdca0f7bfe32c844805009e6b90c2b212309987ce438b679cc0ed9a297a96ca2f1af4c836fbad8ecf470a818cb24c2b314a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
eaca505b240d36fb65d8e267151afae9

SHA1
d697f98c2b91cc8044096759f2aae5a28d064590

SHA256
248faf2888daedbced0af3a1de07b6df8a60fcffb8bb09b186d063d700f70a69

SHA512
a9dd9701da93dace0ad4b6482f9f0efdfd12868320452320651553bcf3b8b2761d9a18f439bdd61e3d4e7cb3159b3a37a57fe63532b66963815b992e8480917b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
13cd82b1ec3e69c7b7b305a43c5fc3da

SHA1
958da75f8f4aaab60dadaac6aef7b31cfd7909e4

SHA256
d7b1629b73bec938e276bef4989dd8911dc4788fa02dc8a61579736f0f154454

SHA512
b51f79e2f9c8148f557a2ccc521c4b142435135688098790bc48a9f2d0bdf2c10fbd80e4dc17c0fbef15190bfd5d858258e8f26d8cfbd63fe34a5474c3d81858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ccac1c4a2cd957a5bb15aef4c4f8084d

SHA1
65cbab602bf54debbb1d2ffd539b39f2bc94d2c3

SHA256
d300ebee4b3e188aa57b39e81d256cc2cdd39d128475cf48efe79af94ae28636

SHA512
def96750f7f4de11b5aae3072c54193bcabfac982ff2f4d6a78631f14e23de2ee00f9cc86d52228cc392ae53440cbde4adfccd2adc22d79aec86eaf4d6277820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0ad677622ca776629a57ee43df27f02e

SHA1
cb9c06ad2ba82a91413511fb8690fc2db0efb4df

SHA256
ef4ac6cffc9e6ba1331e25edbeadb5c8b0f13a0e5c2e0954fc824d628dbee83f

SHA512
5a1668eb3f2dfc56a59f43e86904cbb6987bcfc0be2e7efa9f9711ea4fac199cb1c39a625b476c8c47032fec6e711cd3cc704faa5240ac7d14b4285972883c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
6396de41a1769f105128aa949e7fe036

SHA1
48b2212bad407cba76a7e15d3dd3c56968b7ab13

SHA256
a781b6c91bd89b6d7da37347f89f2a122bd6e93c1762d5ce63f340235b54f1a3

SHA512
64f6775826c3129e8b002b8d7f1ecbad0d4365cc8977fed0a7d0a4050d42b543dd61331b8de46a74b1ee55200a42bdf775e67fa2396639d1a15baa7653706991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
32725c321c9a03744e426d215cdc3c9b

SHA1
740d4e85244ddb4b0eada4966b1d3b722ee578af

SHA256
825c076e3e34351790e91397a3c87b07c3ae22a5df2ed28a3361d4209d69509a

SHA512
edc5eacc75b799d585146e35104a89099854b298e1795b608c0d34c72b47943dfc51c16ac0d9b47689cd065cb7f3968607fe71dd195e18b6c07410953e2bcc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
d43d51d576cd21334bdd07c5f36f5684

SHA1
454cf7a8778fbd322924b8d894959ca9e5a8b9e6

SHA256
83d5f434c0e019d315ddef426cf7e8e74801443194a2179b2cade9b3b90cf81f

SHA512
f3b93d66c063c5e743f27ea5738b1c48849fd4d5793701d6c1f9bdb6e3dae0461c420812792ee488a545b65f2834fe72b04b281fa00ae1643ece07d1d5f217b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
333894e0a215d224f98c9068280bdd90

SHA1
4453a683f21813db0b9bf17380afc4c969fc2b5e

SHA256
431d6abf7e68986f21a303875b26d0ad9a1252468895cf8bc4c3a93f2358acff

SHA512
548cc359dcd7196592efb66efb8587b4ee04c5b812197526e76b7dfada9f560d1821a3897e517e333a8cf2edd81e7389a32ca66c897aaaf61a5385004b2e9d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58846d.TMP
Filesize
97KB

MD5
4023fb9e326bd5b177715dc43fdc0233

SHA1
1e7129e34d9ab5d4dfad5993031be038048cc975

SHA256
1cd32a09b6ffd4fcd00495f543d738caecf45d1eb67cca0bc2e72a8f6b82a675

SHA512
6022b4b35f9d8a06f4839edf76e11a2ac7ccb2d2b6ec631b3b107cb3fec68a8e6b552f8660d71a46a3287e3946629114bdcdaf5490a87d22645322c7194c097d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_780_TWUXKPLTYLWYMGFO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit