hxxps://tnx86d1r1yg2ic[.]blob[.]core[.]windows[.]net/tnx86d1r1yg2ic/1[.]html#13/43-5242/962-411520-12178

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tnx86d1r1yg2ic.blob.core.windows.net/tnx86d1r1yg2ic/1.html#13/43-5242/962-411520-12178

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133555488591818356"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1556 chrome.exe
1556 chrome.exe
3764 chrome.exe
3764 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe
Token: SeShutdownPrivilege	1556	chrome.exe
Token: SeCreatePagefilePrivilege	1556	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe
1556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1556 wrote to memory of 3216	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3216	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 3804	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 2824	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 2824	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe
PID 1556 wrote to memory of 4508	1556	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tnx86d1r1yg2ic.blob.core.windows.net/tnx86d1r1yg2ic/1.html#13/43-5242/962-411520-12178
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb86759758,0x7ffb86759768,0x7ffb86759778
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=364 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:2
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:8
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4792 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:8
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:8
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4812 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3004 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5124 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5272 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4868 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4680 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5304 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3004 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:1
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:8
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 --field-trial-handle=1912,i,4243090522414855920,17269049952474025604,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4960

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f7af1800f913b05e4185e9dae4b239fc

SHA1
7a2a08a54b5216a56e25384273696bce5f47f7f1

SHA256
57acd3e3f7883d718f718bc5ca2adea4286439adf207ba4e22e8ef18f309cf5a

SHA512
b735f3906dbfb048aec69f536138800b95e431e305686137c42eb97f6130a4e01e8084f0bbcf6dcc2da2742f6a216aa86802aaa8ef0b342e48e69911c133134b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
a66feefd79c6e573b820a74758367eef

SHA1
0e1b7f5b37e24627749a90370ee96f79da7c3bc7

SHA256
747dfd44b0d7402d425320635910712ed3fc1ed572fa676409b4722bc019f7b0

SHA512
4f550959334f80a466f5af76433ca2149489b13f41f2ca90d51bf498bde997bc890a3b89102020fe7abade7c2db7a66963d56f6a374965ed20a6744c3ce2e7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
f789569478c090e680de80b8b89866c1

SHA1
95d9f5c4949787a831dbb8722914cb91b39093cf

SHA256
1ed4ad1059b7ca1858c1bcfd4b30160f3dce2bc4608424049a18b1a4ac9dcab5

SHA512
1eea94a64bb30e6334cce3aac759592f274dc943a7c19c7fb796a9da4df45751c2609a36627bd9f13c925304b06cebac0cfe2582b656f0a936302640bf169d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
cfb63687ec620cbad5f080b71fc9e191

SHA1
31a811cd7849a0f756d6bde01f5bf43b2a5dc73e

SHA256
9dea26142e6e952a40f1bd4bae3901ebf3d69183ab995615a7fa5773b298ecf9

SHA512
f7c7b8925f86d92c9fa05f047b7467602c08f5c64eb232b275078edb993e1a91eedd24742d0e0d2429d2c8fae7bc60e40321f5eda3bbba213b1981cc10be3017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
509bdfff170313a1f4bbe359f0f1ea68

SHA1
4a282a4e23534ec3048e970ecd64fa021b8bbc71

SHA256
2cd446749797d4a89a38c2f0d857efa304b81700be651238bce35d7e3041df7d

SHA512
c367c76bf18f1a15d938cc49a2987ed8460463dc65b8bdf76ca60f7ba78c2c3d70cdd3d398ed7564b37b9840d80ddf2ab01c79a317bfe3c87ab74687c5b878cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
8a2238b1e06f666da691c85686b3989f

SHA1
4e9b75647e4fc3debd20dea9092218bcd7b7ea6d

SHA256
a9eafe03489cc60d2fb97aa96399f73da911ae1ec3b0786e480e4af201368ec2

SHA512
61523159211e75a2a4484369fa33158c6b449a055c18ab48e5148d92b3541f3aa31f76ffd1e8998324cfff1195895cd2f6401f0fa0fa80d984cbb05bbf98c446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f6d268abf70685cdf482ff0933ee7621

SHA1
5bc3352d73ee45b21fb5fb760f3d036e1f43ebd7

SHA256
982f1d21c8126f313a936de326538a29bc72d994cccf54905c08f65947731ff2

SHA512
8a3580942ab2fb687df3778b118ece754ce966240fef23ca7f63cde6b956a7fe74edcb81d2849f273c15c4bfc701ea72df7285cefee402db946dbd657dec85a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
308e7dbd13e62c08ad27a56ad2f5783f

SHA1
8b88cd5a3d99a6cb1351880ce7b36922b0853b2d

SHA256
f867b03480171b5976d73dc5ff9b1afa6d65ebd54c53c657023c38d2931f4715

SHA512
435f6e1c7904c5a1226fc4928e48fb2db79d48f2718436acb52788b56d652c1374421152680ef407c7bbb029ca66b100acf3363d40d51ca700ba623aa367841c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d722413f34e11acb9cc84b635ce767af

SHA1
b45f449d454a5a79351ffb7c866cebcbabf3bca4

SHA256
665c53661ea8addca92d8a802440cc99c678298dc0fc2ce13800802d68927dff

SHA512
527d8a333bb5bb2d80e9ad0fadadbd5a2ac885f8e59b6a66012888298b8813ffffac2d3456b08a7e60984a62f441c4a30858e50a98ed18cc986a52565b39bcb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
10aed36eb1eda371738a741e0078fe8d

SHA1
29d70e236c1591c538cd189904ac98a9bf64ca16

SHA256
20d63facb3f1e005df671c10c6f00f724dcb0cd08a354830fc2695dca93ec777

SHA512
45dd75c81a0a090c81e0cbfc5399e92082abb59295dd37755f75e98d17fe52601f7d1c31a169d0d32dcee3e1aca5b5eaede1c9528533a8e184c471bec5b02f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586b48.TMP
Filesize
48B

MD5
522dda64145981762952928f2ba97d99

SHA1
0b5f3b63d5dc8a9e57c784d63ca1a53bd885885f

SHA256
d2342309aacc7f069205fee941a98df17c30c1cb7a1074a908a107340545cbac

SHA512
67bb43104cef525ff03e3aed7bef72a8aa52eed1ec6f2b3258f24bc3e5638237dc863e48cff9066b8778ca185a6e0e9e2a55fd347663e5d9ff6ce1c350146ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a8f225ae-a61b-4770-9564-401cf152b797.tmp
Filesize
6KB

MD5
69eb894c91ad497051a33248a041770d

SHA1
40fff0542c5c61f58339520f9daa20285decbc5d

SHA256
d3caa00ccdd49e3d42ae308cf1ef32ef03076f7ae8e9bf1b3d5e88b6950d409b

SHA512
f0444bb090d6ca62791230f2766454ced252f9b98334ebec3af1f03eaa7754da6efb4549da591f30c9880d2190060d11357dc78e2fb3e5685cdb7ce7129ce06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
2e5d8ca6ce172c610339bb1e8e0d7d6d

SHA1
282434c4f3b63ba95b4c89a03278ec2c23fe490d

SHA256
2e8c2a6972f0a9abe37fdb07e14396c38f89f10ccad89c8f9bf3e9f4bb755fb3

SHA512
636432e6a8619ad7747687466bb907eb37021c6721b322be6a70afb7074b9b5f89d689f1c058b64694047717a78aa9f8bbe089858231739581a7a702d3cdbb47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
c30fa911f7c6e066a3741a8a4c68e549

SHA1
80198393d7d93221d444e054096aa1fb49943bd1

SHA256
80b5de37de4274f7d527aae6a33d9cd4de182cc838a4772c40e540df2818b571

SHA512
fb63d66a1f23ba7a9040e4a2de0d4793bdee3913f9aa2273a64a078ce17618f36a985ba7c9acb381a40b0891055501985aaa221fab2385b1689e9942bf95a7e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
1a229e41c4e87ca99c43f667d89bfbbf

SHA1
14dec1c95f612a32adf52becfbab774a7aef56c5

SHA256
74a996f1f42f9d5b9ac75ae64d9382809e8abcf95cf4288199f916f5ed407791

SHA512
3b2d0124aa4e71a23714aaffa64b1c1cce4af0a6bca1f7fce0eec544d083ea5bc23fc7cbff0ec0b227766ad79554ae71a38b2df9ab0048c41dec942adb37243d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
7de481bea31ffb58ba4b31c7602f30e1

SHA1
7ee06d0a82acac58b79abb886e11a2f49cd1a358

SHA256
7a7be2923b80ac8ecc20ec1506e12b9eae69b8a9f44ea1a0b82905cd6385f394

SHA512
e002676d0a3fd23943b6b3bd82c3f821fd163d1633b579f5903596ab6197bf9730e3e8996cfbb32a84c2eb31e3fe47d6084d74f6c78693d5bb2f5af88513493d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58506d.TMP
Filesize
97KB

MD5
60693003e62217b98b1a56ae5d33e25b

SHA1
0ed4efffd9431d58c78ec78b8520501f7e34244b

SHA256
026df8a55f94f20fa0649c2dc53c7cd74c24a149a03cc7e3c784f1d4bb954d60

SHA512
1f586a0455aa76df38958be4d37b182b6e78a5a635f72a3bc871ec65c8689133f9bd6382d727218ea865cd127d00e012aa2f7ca04fef4a27d9a7bdc64b2b0dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1556_MBPDRATFRQOHNUSN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit