hxxp://steamcomunijty[.]com/activate/gifts

Analysis

max time kernel
158s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcomunijty.com/activate/gifts

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133569868221192936"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1140 chrome.exe
1140 chrome.exe
1056 chrome.exe
1056 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1140 chrome.exe
1140 chrome.exe
1140 chrome.exe
1140 chrome.exe
1140 chrome.exe
1140 chrome.exe
1140 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of SendNotifyMessage 60 IoCs

Processes:

chrome.exe

pid	process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1140 wrote to memory of 3096	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 3096	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1800	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1528	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 1528	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe
PID 1140 wrote to memory of 4904	1140	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamcomunijty.com/activate/gifts
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb90d9758,0x7ffcb90d9768,0x7ffcb90d9778
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:2
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3804 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4800 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5828 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5968 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6108 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6228 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5584 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:1
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:8
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4180 --field-trial-handle=1876,i,9215153757071964744,4999494546120798315,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb90d9758,0x7ffcb90d9768,0x7ffcb90d9778
1⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1908,i,3207683612428770229,7836920447477455838,131072 /prefetch:2
1⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1908,i,3207683612428770229,7836920447477455838,131072 /prefetch:8
1⤵
PID:2692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3572

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
7f652922f004ed965b78a444360adb45

SHA1
c681cba7ca5514905f53cab070f45fcc549b8efe

SHA256
e888caafef4d1107a5ed6749cb7520e7f7eacb2b0f2cbac9f8ba4882167200a2

SHA512
f9f79f1360f01ded2ade45a14af8755f9d76d02bc82eb643bee7d1ddc196b6502047a34878e90706878e15ed25ba85b3e32cf0325e93f9a90038e429b87ec294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
908f6b43fa589398156b5282d03c1ea2

SHA1
ae115d1453cf7476f8316b68fd05fcc8a4655cce

SHA256
7dc55db2c7fd859c66440267aeee1d00106db538b417049034eb6c1f1ded4c7b

SHA512
42f1104daa7c727e9ba344222cf5efe79a5e06eb6d19a4dd2ddc846c1cc4109a2fe15fea9bf805ebf13405b166f65bc37a43ea1c800dce3f951c8349b149b45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
421c226dcfa8f81bcb48c740826b0584

SHA1
35ce97d63ff755c005df8074429fed5fa12c2243

SHA256
e73b7719714112aa17987ea523dbde05b693482f7843a7e1024196b501dbf29e

SHA512
e5f505cd3776d754361905296cc3cf455468c845127d13a4e0533322d037f0ad6256be870f5479067f67d67ee91c2fd57593ec5436237a5e81b73c570995f7d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b218017bdc6d472e938ba36e38c8900a

SHA1
a0702c97bcba570f8030b5252c4c748d25e203bf

SHA256
54e6cd2f5f743ee9472c5d93ef0eb7ec2e5288bde6cc9629ddb7c3e10306b68d

SHA512
f1de868e54ea6c0ea976bd1488d5c152bdee5c8b1b38ac9f66b715844bf6d8ff60cd829f6417e3c6a97c7327d634d43ba04bcc0b6778c3bfaf7e5fa1f66789fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
2bb964db0ba151e6512449d22359247d

SHA1
9aadf838907635d0b7d881a694714c2472663b43

SHA256
72ec7ff810449c287da6fafcc02f01225293482b4fbbe29616785be2325ee4b8

SHA512
71327e701369b0da2036a7c3c09d2a0d364a694d0593f75f3107f6bbe5b060e16ccd13f6d485c12872f8d0c6d61a95a3f3ea903156ba2923144725c41fea38db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
cca1005f440923e773d88d79089e77e2

SHA1
7b5f67cc1439c37f531b6a5f1a0ed35451cb7312

SHA256
aaf463c9291ec88c722dd8cd4e1fd7a05301c5b3ced27db4b1896e1344206b85

SHA512
b8b4df4b2c0c5f81091dbf3a2d75b9e08ae5afcfd19246aaffc08dac83ccd5ff95be98a0e778024f1c76aa4aba394fc32963ace219529a08765739c9f8436707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
6b221180385f3d88f65469ab69cac7e5

SHA1
e854b2c4a1916c80ac42fa769e9c0eb7786a7d5f

SHA256
2ef4dc0a655ef2b1b19f500b8ebdde9956e2d0127979c5415d04720443c98a57

SHA512
0a16339ab0f64d9eb281d9782a9294fa72ad1dbab0ddf7fa9c14cebe884fba36fab97d2977b9a7da86b2d0020d4ebaaba6bcbab938e0e732fe39e0a622ea0355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
61e8944dae05ddeda0c0c4bd7617c1c2

SHA1
8b60cd6920a750a55bf72943ce6744adbb31399d

SHA256
5ca500fc5681444c475b3772222faed32c7f2e646152606d76e9022410027b01

SHA512
3a3343ee73250f717a4b4faf1845e56d41704a0faf76effc09f90155b37c5a155e11d45f98f112430b57ca4aadc9e9b9f2678e72095c6d51c9f2e02ee81121cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c1b6c6f8acecfb52069de19eaec56df4

SHA1
4ec782676d7316fe6056fa602b2a47001ba0f189

SHA256
5f4f792ed24d87c8e165e8f01b4127b3a6c05fc9902e7c8ee340a8a6ce634df9

SHA512
ee1b8a18e8584fe7964762b4b5bcfab93b6700612cbda051b16678cd149e942664865fa7441bf9782bb2e569b74229dbbd648e7659d52c2a12b52f5a88e0c05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6d2df8e7256de525030d23121c8b34bf

SHA1
05e2c83c3f07508e3b7942f9a900b0113363c083

SHA256
fe9b9b50762fd4d6e8f29403db1a8365e2090e9393a9a27345b6ece33d228d6b

SHA512
84316b38a28b83893767c52d4db7ab785fff906d6c1eaabf40552bffd7548a0849c27da113cbb47ab8b3f9ac98820366c6aceeb1affe531da68d21130cd68607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6eeb7ecc8668323439ad499003df754b

SHA1
ca825e3bb91a4b24d0a2b14472242eb1c20101ad

SHA256
b5b3c5b8131e8c3ac5e1c3cd689db19e07a56453e16d15892e4f2927a22c8373

SHA512
20689bdc2c273c9c81f4450ce52b8dc3609a3de566e7ac8bf6bf9b6078f6c4c07264d20e7e6d25a0e23afeb81e42b260fb2657b94f896e422e2b1d968d317cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
747e6059c24273c69221e92772529235

SHA1
e5cb6cbf76ab1bdd8449144e8b328d9611c4917f

SHA256
53abf226abc7eaff42eee79d6d2aecf29fb0d4e1b0b48c444e8dc5473e34c8c9

SHA512
c8d225ec69defe30b823badbf5a326e8da6e773caca746053f428eeb32c8de0e95787c5084bcf3bfe54e9855aab638efc94537aec1d43364048c87924775dc05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f9b4d814678dea4f751248ce4efff9d5

SHA1
f3e7bccb468c40d80a55f38e4a2af3db06f317a2

SHA256
e1fa0755f6620f7c5fa5b60904f7622261d95890d5eed6795a85a42c673564e4

SHA512
f9169f7ae09ddbfb3817af84661ca0d23ce97a7b7c6f37210cb5760aab7ab59f479d50e5ca21bba582b492c7fe05ade6c35a751be9a89fefff0182e02d9254e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
43921b8de1e564db11510e2a8eb4a1b7

SHA1
215fecddf16a86d6b0eb5976c64ff0ef15a7cffb

SHA256
aa3096c8fcba913ce1ba1c0470dbb32c9c3b431db9ceb2d2f99d203f62cd1b14

SHA512
675f3f9b03f45f2f6f653bbf44429d5c3588f4c1dd4048b089235e1cc405aaeffc28811b1ad629f08c976fa669474553fb7ac710f22142bfead80b65a1e4724f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
d9e471451760e814d882e48041e41fc7

SHA1
bf608dc9c684e1a067a2ac08e7d72d7218adafe0

SHA256
81f6b8bf8a4f722253350ab12a00c53c26ac8d8b5b0350820ad56089aeae9fe9

SHA512
6d36dec78e172d9f851a4b017b72d1680b48c3bfd16df39a92211e8e8359d91f282dd7fb480eb7ab3818374f1a2d46a182189959bced641301260f7e0c049993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
733c23abcd69f53b2666edacde5d764e

SHA1
2aae982d9749be9d3281771a4ccee8ee0dfe3d22

SHA256
669b43347cb9309cbf9045609d476474d61733f12121deb7b3a4a202a3b74ed2

SHA512
38e7204af65ae0a0ea8e886bea3cfb41e6fdc12d542648880230a2f63ee92790007206d25aec8b4b089b53f75147ae4ccc5323d75aee994b080dd7d81bd21a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
78be7728f5c8e179416d8892cfd8db5d

SHA1
318d3c19324a1f9428392b1fc5b6e1b740cbd937

SHA256
287dad60a8853ab35fda7f976e80d8b56a9fbf6dd1d31eaa104cd8bdd0ec0363

SHA512
51372a7caa0f352f0c8b882861da11863a33cbd51d6cc2cc6c69645cd3f44fe222a24112511c2f166f54268ded8e75bfa3a72e7c61134ef5aecbd3da47d15b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58aec9.TMP
Filesize
101KB

MD5
589dc819b288431987876094b7f66dac

SHA1
e544f0aac307d5dc59b6fd3d27baebe7f2ed4b95

SHA256
60e2328ed8647217196d613c0ac3a7ba905c28885da3a823247890a299748d43

SHA512
4b35ca4382b08ec4bce6ca89ecc1399b99c5abcabc4c97d893aa282b6b93d832dd436c9d355acb1914fc75f36c779530867f826f76bcb7e7c8e0bb3beeab74c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1140_EWZPWMHZQEXVCIOO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit