hxxp://steampowered[.]com/join

Resubmissions

16/04/2024, 17:02

240416-vj3neaha9z 1

16/04/2024, 16:59

240416-vhpedsha5v 1

Analysis

max time kernel
127s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steampowered.com/join

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577603947780469"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4488	chrome.exe
4488	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2000	4788	chrome.exe	85
PID 4788 wrote to memory of 2000	4788	chrome.exe	85
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 3976	4788	chrome.exe	86
PID 4788 wrote to memory of 2480	4788	chrome.exe	87
PID 4788 wrote to memory of 2480	4788	chrome.exe	87
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88
PID 4788 wrote to memory of 1976	4788	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steampowered.com/join
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98061ab58,0x7ff98061ab68,0x7ff98061ab78
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:2
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4516 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4748 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4888 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4944 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5560 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5708 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5832 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5904 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6000 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6008 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6100 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6132 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6140 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4660 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5312 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6224 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7032 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6880 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7072 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 --field-trial-handle=1896,i,16708430370122739287,10151204629412224928,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
65KB

MD5
cea82a40bee9c98f8f81cb4f93ad312e

SHA1
466b4dd07d8576ea73949fa6e4b53801674b95bf

SHA256
582d18fe7f2032b5a43e1d40808c5faa5c00f32e7da963a2ec1be537b63faaa6

SHA512
6a1fd3ed94e9fecd7c1a2eabb1dc96858b26866cbe4fa1b248b7df0c2d346afbbcbff228d0ff55b581735d2f6668d0db640227591334cf4d3e42e8b17eef6f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4881af0d697036d_0

Filesize
250B

MD5
e4407664e669e0a6d6adaf4099ea4285

SHA1
9f235036d64ac2f0a112c44e1889c0208cf4b84b

SHA256
de3bd7a0001df593711bc04b12e59e7f7ed053cbc15b33ae8c1551ae39265a22

SHA512
8d9190c4526fa70c99916e257217204d56b3b84e0d0cda0eb553cdf9f5a875dbbc31ca7a3927a52629ad88ca5a30e678d010bd90f92d4b0d8c2a64b838162240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82a9a81f6623549b64f83b2e6725a49e

SHA1
8ea5c14b8e81716fdefc552a802eb71867df9e5a

SHA256
afe9722684fcc1cf92bd56380f2cb43c366b14d95ebe55cce6aa6a224411f8d6

SHA512
4c73d578b51cb3bd662fcf2c1214a480bb81b81a38c60713e9e0bb9319001391cbdda0388928813e5fcea304753a16a9c4f62c2b0949146d4ca23bd00fe5b162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f928e6e33a6a0bb8723c2f2457153474

SHA1
971b609eccace88eeb729682ca98b9b5ab357bb0

SHA256
d70a41e3015cf94ea0aef13c62f77bf6c049ab247eb6f8b0d1a3602933b4bae9

SHA512
81b1927d3d944962c5e8ad0840085198378eb268e3c789010203eea15466ba5bf4a9e2a25d9ce74c53be335d299cc4aee72d690436f59228a3e9c927e7f12b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
04ae003db892175d3aabd3c1edb273ed

SHA1
ad4edf1d370321f0dc674c29bb0efa4389893b5b

SHA256
55ea2e590fbb65a173deb11ef7ddfc0a6ae49dc8bf666e3993aa67c359dc483c

SHA512
8715f504093af76d5dc606d66fa788e17cc65c1bff2cce109a3ecc42005db436fd696737e611ae19751e623c94f71d2835d06474f5a2e261b8d007193b8a9cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5bca31b313ff6f464b0a32d67e2f57c4

SHA1
f4871733bb5778cfb47cee7826387d9708013c9d

SHA256
b1e9b6e9ec43084620f9e14a580a66969103f410af13147b25df3603fda72a54

SHA512
9374649e278e3d64c031a9a7d4279808bca0b2626a89351f57e2ed9e1a9b03415a10d155cc7a3f0f8a3d06634b168de567cfeb8560473aa5ea6e5409dadd13a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d810895b1c86a89cb01ac095b849887a

SHA1
356ada2f65109628ece07ded748efb9c988308f0

SHA256
e1659fca40145c20dcd7557041ada90cda69fc3840cc2570390a61d64e1ee6b7

SHA512
0256c1612a2befe9ad89a2803f844d9889e3e9a01c1adcc28f8e5f165e16456ab14054d0d7d606dc5418771e70c08b93df6c21709aebb2bdcf992aff59235f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
33258bba2b1b267ab644c2d4425987f6

SHA1
d457c5f056c0ca131cf7d829ba1e45c576d4fcff

SHA256
86c91f9f4e073daa3af7c90c41fffda71e916022777d1d384d9149f6f1feabb0

SHA512
e6450c38312eec97e904a032fcd0e6a23c4653745917f000118542959892be044b6f91f9504e1a750684218142cbea2c3cbacc95d2c5ccf1416b27144273827e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
09220f921aadcbd53ee74b4c85ec3db7

SHA1
a772f0f6797cd1f87e6f7ca8a44347250ee2c0aa

SHA256
e74b37d949a8f0ffa89e359619dad6b02432d433b1b3daec179993202de42e77

SHA512
6313041b6249c2f2d5bec10855f508a8080283cae6569f9a8564b3259bd4bc5a2f3195db786747dd6566a1cd566d819205dd59ab9b585da4c4723b8575f5d7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ecda8f7f661c07d5db97fa02f578df80

SHA1
a8c5bb928088b6cdb1409b78378393077613da83

SHA256
7c88ba1b90465e69ceb4f162658ed28926b586d80824e0c57c07de14dedab08e

SHA512
37f3d4977c1cc1b7d029f1c6e9ddbdbab0bafbde2b8913e39947cb6f12d63970ced1e1a0d7343a3d8ea63bd8667d423e0a9e89cd2450e1e7c4cc2f7640660acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7238caee357c7faed5a095a9b2f39461

SHA1
35bab1b836e4bcf185eb9dcc0051d0ee0519a773

SHA256
7df752b0d246065f8618a581ae8aacf27d5b36fa92c9ded1a172ef67d7bf8718

SHA512
1d57813cc21ac95307f18fd7c00ffa32ed65dfdf7485cabf004b7f03e4f4c639d9ccef35af43316672f1b4e9ab73db84210c986ed9cf8efe04dc0396b01c70bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9bb811e1ef056ff6293d7d92785ad057

SHA1
6be89422f9e00bfa87f324ea24556f4366fdd59a

SHA256
0ed7fe0885210467f7e8b2d4199ac20f481507b0dd7a82ee8778a090798eb81d

SHA512
404a2feca68a676553171ab5db22a28c2bb37680306239b6e8cb6aee12877fabad8324d8da913bd53548d18929fec2b09f5bffab0684b2a1a96a21a3b3ff8683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a3a7afc6875eb5ba753ea1d401e74f76

SHA1
24b9a486fd4b23a1bd6c02d9eda265c2057175c4

SHA256
f7ad6e6422356013681222b41bb8ead919296d90fbbabf2e7e8aec8cf6344998

SHA512
acc384e5e5b9714e55618382db44dc5df3caf2b6ca774af7602a5c86e8ebdea084346b294c3f605c1496e1301939e5f6580594540168749f6249ee418decfdd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5ff352351e827cc235d0f9bf510875fb

SHA1
6d4d9e28c209de0af1e9c4e7df498bdbec8b6dd1

SHA256
861fa9e73d0f75c9e9c0f214dedfd452ef936939335dddb9fc18a676fca8d616

SHA512
06c9bea637231bb8aa9f25f4155f2e02130e8f605acc5415f9c6e394b05d6d4d5e25c938934e95b72ea6390e108b11565be5fae67eefd01a73c0d1a372b3d223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab96492a96898e16e722d193d4e4b107

SHA1
f825535e5aa67985609c193c1be9d82a10d72594

SHA256
59dc373a1de1bca9e073093ed2d7d021ca94af2ce51d8635cf1ee35b75789aa4

SHA512
44b6b5cb7e78495da431a0f66c45faa36121eaabdc7e2f6b660d009d70de20040e0d99529a2e4221966f34728ee23c1a2d2a744936a383ccdd8387b7c540a29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
671cf16638d305447d2081895bc16152

SHA1
08b3083bd5ab77f6f3ace76fb5df5322f7e39db6

SHA256
91a1421dbbc9298a176e17ecd4da9e698ccdd6b9cf8e7bdda34f406462bfb8cc

SHA512
ec67f962f5f55949b568062528dbd77311944a10b318c4f99e98a560a450322ca6bdbce722817dd6967ccd6f4adc3233ef97feec63a867389bab9deaa8052ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c48b73ab3eae988b81dd6c8aa44ba922

SHA1
76490901bd0e88654c3cd9501aac7387ab69643a

SHA256
ccfdabd2a49b0bcdc261551f3ef8913d54677b228be0729fbc06f2f78661b037

SHA512
1eef5e2270f43733e33a4b3463e4980c2496a52453f2cebc59a6b31d4268a024c1e5951b24bc65952217bab05ee7426f677df63acdf18a4c37637420c88848f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
b2768d23f3d29bb45d112b5772fb5b17

SHA1
c8ae0f8284efc48e71d285ce6283e8dea3373acd

SHA256
8fb29700a4f83e3b07a3a681abbcb7ee7e7465e48c9575f4e7048107d0c72d8c

SHA512
0bcbd95979263bfb9767677aaf839bbf72f4d1dad0d19ec3607921a66cb7139abc3d0bc1a285081f46a971b68a711784fcace7b0d971cbc1ffa1d36b142ea723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
233bd5ba044fa5c8f559c85e1cba44fd

SHA1
6f331e961cb6b2b68339d74638acb8c81feca97b

SHA256
b5087a836575f6c08f3540d84af5d7cb0afbb5ef7cf2f11a4331243b143f2205

SHA512
d269431470c84b4c93ea8b176f3459232003b0e736c20b52987772614f719f5b977439a4ec5126d60b915ed1b4d0cfabacd08708935f727141fd292f3bbea9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5842b1.TMP

Filesize
91KB

MD5
c7f82965668da6b648b8e01930673adf

SHA1
923e2f58d241a485506fa27bf4826744d8ffcd52

SHA256
47a7ba938b7d8d29b5c6e766a0b1592b0befd1fd7915bcca9d0fe6ef4d2c5bb1

SHA512
707f323cea64dee8f4a90d9f54881df7757d0743e1cc77ddfad63eb0c6a2cb54c3cfc406abd489d14c9af1583fe8c3885758c3d4eba2f8de5acde4ceea9aeca9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit