hxxps://sc[.]link/mJpNp

Analysis

max time kernel
91s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
16-04-2024 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/mJpNp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3920551245"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31101014"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577415282137342"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1056 chrome.exe
1056 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

1056 chrome.exe
1056 chrome.exe
1056 chrome.exe
1056 chrome.exe
1056 chrome.exe
1056 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

Processes:

chrome.exe

pid	process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1056 wrote to memory of 2864	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 2864	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 1624	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 424	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 424	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe
PID 1056 wrote to memory of 3828	1056	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://sc.link/mJpNp
1⤵
- Modifies Internet Explorer settings
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffec98dab58,0x7ffec98dab68,0x7ffec98dab78
2⤵
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:2
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:1
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:1
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4160 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:1
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:8
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4720 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:1
2⤵
PID:3584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4476 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,7009295327361688652,3745568702500348648,131072 /prefetch:1
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:704

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
9a3b62aac03b5c3df7a45492fd4296a8

SHA1
7986bd88e4f156d2826edbd9217d39b7bc601c0d

SHA256
7b0f82db3f65b358c42f24eb6cf480c73fdde593b7381257c35d8342939b6d15

SHA512
64fbc53e8b7dd059955b66650d7b5db476f8086503247cc5f929b25ece6ad6a03f7e4a7444c5bf606d21b7c115bca1cf6ab01fafa979408adf36504f66a7b07e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
b098dbc3c735ee42f241cfc3d4c09462

SHA1
7636770050d9c322bd0de9109aa15566fcb80bf8

SHA256
ae99fc37741a5eac9ccbe93ee4ec61315e45221906e6e6108f955db368e333d4

SHA512
98d1c2948db719e55907b79b8e8da6b5bfbb75fc26e5de5a655a07bb564900911cf949627922d90ddeb9e81a55ea6cc4a4c92deb76df9b2ab6497bcf396c7081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
fa29a16cdb669d918c77ea9958ef36d9

SHA1
db14e5cb74425132ac99808043d7706333d5e34c

SHA256
e29bedd95f75862289185425c8de32ebea5ec749f3d44e55a0cc78fc31507910

SHA512
39b4e2a5c0b92b2705c3261af15124af2465c71efdba02c775d5e64960ecef504e6fe0010178eb5c940df3230e2d22f56fb68ddac74f2300772fd72b5992d420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
e35a778ce0593ec36a517a825d1c6a6d

SHA1
195b461d84cfcb94a214420ef843dbef8787e9c6

SHA256
d1fb8757b10910bb28ba8fddf1c0de736f7ca4500c52d2a31fd1696609b38f93

SHA512
b242acb6c85a6ac3f99ae558be01faf8faad77403d3b2a732c9835e6c671495e4930b9d0698138f7d21762463f6e59d073b6f7529bcdafddd8c17bc84fb8a37d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
c985f3bb041452025adda8a8f357eff7

SHA1
4f453fe567f86565af337b96772e27bbdda11876

SHA256
fdc967a3e5b36ac0cb4bd2ede441b438432399db88e205d42621dd07445243ab

SHA512
65ee29c6b26b3e0e899485f00621ba43e2002d17433cc92794cae97792090569a54d0a271068c9e0f2248cd3519820461e9f2c962321c2e4fadcecac18c9fa7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
f2d3bfd3906aa3747dbbf80b7b06c325

SHA1
e7c4262beef40b4aa7e15f431efb6d3b27a10901

SHA256
14b2cf0b102967453b19e98ccd728cbb6dd125821fae7b2281c3c92f2216249a

SHA512
8a22170167ff8552b0d75ee2e3b1b1d3b5b28933bbbee8cc37697a967219659f003658532b1c5a7e7e6855af8f5b13485ba235c77d3f605db31ce3e79aae70c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3e855cfb21c4e34f2570075b5fe9b55f

SHA1
9c519c3e2af163e919e3ec86de12a4bcd308445f

SHA256
d7819cc1a18f86b42b3323d0096df2e341de6878fbbd18f8eb8967c897e3899a

SHA512
b9a9b4e633dfdf0a2080a6f1213fc56c7cdff0cad15969fae2fe4fc580fc7927af6bbcc9111a713ef0e955bfce57d3a8c2a95a05e70e0f29975808916d6b4bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b2eff77fda4323f98ee5a5fca59a02dc

SHA1
bc78a7b8cb62c6bb2f4690639f9db97ab5da8d72

SHA256
c728029b65d8a9dec54f50f8cdf74d59d85239f4a22342877062f7980b865a0d

SHA512
84cfb9bc777c69ebae0df37166eb3e993bd614d5c541a44fdfde498d93f93c2fe9af9e954f97e530f0b9000e1ec836af0aa1c1aca8024354d7f18c630f6b5641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e613eeccbecbc4982d69db7573af2f1e

SHA1
794db9ffc119921ef344e45eaa64b39d94b6149e

SHA256
c088fadcdb876e1f65b9a6e25066c4039ab0e8a9262440a2ee5ff3cc46b2bd6f

SHA512
5c173c6f9a9f3bcf660e2fdc4bf2cbe997055624337c585ebe31d345821b4073e1e81e4d4639b089c262956ce7b969a92003e9b0e3755ec332cb92f8161957ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
b91735df880d86460b027066e13c8225

SHA1
9091bc13f49a308e55d851fc9b7575453f0d48f9

SHA256
1ac8c42ca3868d6ed536a33185dbc210130da79c8303c606a41b6acc23cfd6c5

SHA512
fa22f43e6a43d2ccdd88efa0578f17c97eb7418f3140963901040112359eace95cf872318db061e9c657483912f58ee9c59137479ce88feffb6b5181fb921f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
8d020e17b0e87c56dfb55ac298d5b7c1

SHA1
f76149914568784a08a22f6d8b1a21bc64cc03c8

SHA256
df162e446ba74602ad2461211412bce1b8a1cfbfcdccdd57906bcba36eb8b603

SHA512
5afddb312a82a4c325287e74c743ad5ff04ad1f47e22ee33ed6620f07cf1262322976a77bfe74ae8860f2504b7f87f839f3a77db8202ac9abec62748b6481142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
41cc907d266464fe81ab555260847521

SHA1
4cfadc9ab86e475e8af6383334d6ede049e4999b

SHA256
50da358171fafdc1f607cf64ed6ad02ef4d8b4b66d2af0c762876439e53f558a

SHA512
961994834baa7f4652dc3cd40dcfa9d5a137d8bfbc2740826d9d505f63e28deec57ea50eb759ed8fa2f84adbfc245c238fec222fd24eebdd9c5f5d043bdf5a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
416aa16d4d26d677413dc6096853666e

SHA1
34863e6b726fe87499bd78dfdea22e98f93cf140

SHA256
7308a45b8c63ef3083c25154e90b3b955c7ff68ae791ce17ac78af92ef80b8fb

SHA512
f6fe63d49c53f739404154ba1a74afdc2cdb80a26b91b5dcee8ea06f5b112de2141356c9bbeb67163970500b13a55e3da415d9c9ce0538ace839b9d19e410e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
757cd14d4281b15b98a16aca044eb8a1

SHA1
8555516cf1a47c7c161a97d96cebac70e447d25d

SHA256
0b20a0f6acd7ec9f7415d6ca6862bfe0953455915c0b136d8e294b885119be4b

SHA512
c0b38b0893eef0060101b94ad200efcbf4d8f574c30c06fe22a94738c5fd30260708dbd4f556eafac0f7dde1e098226795b546c6e0565a337d70fc3a5ae604a7

Download Submit
\??\pipe\crashpad_1056_MDPNKOXMUANFHMYT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit