hxxps://click[.]discord[.]com/ls/click?upn=u001[.]a0NJ38DJJG1sulNx5wS1jjasHPOV5MgsCNLIOUybEqgv-2F76hJtte7st2YGE6B-2FX1yKfr0RXgDDo-2BV899g1NzMWIlhTNUDNTsyUmVijMKv161YTWcPw3uSCH0LpeX1gk-2BPOut8f6QbyJ9c7IOuhHi68sM-2FAdwzO7OTLz2JcHDDMqKzlHbPjFYo1YNDNN9PwLtiR5E_Q5Ab2cXIMO2m1pPabQGe2TXF5ooQxdJNnU-2FbLxlAGEXDEpvTsJQbkr34eAJ7bkEC2xywecepiCdy52NjUDOf1aSVqLslKuta08DaEmpT5xL0XPlDQVNftgMV4E2k-2BOFZmrbKzDhmQdaEqyL7pCdSE7vM2qSVRRylcJtdg0nbcsD-2BeGwQnDKS3-2BPBM5ibSoxQ0y2WqeIEhd9wLuF-2FnR0-2Fw1bIatpEWTEwM3c7hrc9RlxGw-2FsnOdWN3iXEyL-2BXK82ONx-2FCIJNBleng-2Fcy9n9mVVw-3D-3D

Analysis

max time kernel
719s
max time network
714s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.discord.com/ls/click?upn=u001.a0NJ38DJJG1sulNx5wS1jjasHPOV5MgsCNLIOUybEqgv-2F76hJtte7st2YGE6B-2FX1yKfr0RXgDDo-2BV899g1NzMWIlhTNUDNTsyUmVijMKv161YTWcPw3uSCH0LpeX1gk-2BPOut8f6QbyJ9c7IOuhHi68sM-2FAdwzO7OTLz2JcHDDMqKzlHbPjFYo1YNDNN9PwLtiR5E_Q5Ab2cXIMO2m1pPabQGe2TXF5ooQxdJNnU-2FbLxlAGEXDEpvTsJQbkr34eAJ7bkEC2xywecepiCdy52NjUDOf1aSVqLslKuta08DaEmpT5xL0XPlDQVNftgMV4E2k-2BOFZmrbKzDhmQdaEqyL7pCdSE7vM2qSVRRylcJtdg0nbcsD-2BeGwQnDKS3-2BPBM5ibSoxQ0y2WqeIEhd9wLuF-2FnR0-2Fw1bIatpEWTEwM3c7hrc9RlxGw-2FsnOdWN3iXEyL-2BXK82ONx-2FCIJNBleng-2Fcy9n9mVVw-3D-3D

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
1	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579824030198279"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801878912-692986033-442676226-1000\{DF313AAD-6782-40D0-BBF2-DD02AD4317E9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 3736	3408	chrome.exe	80
PID 3408 wrote to memory of 3736	3408	chrome.exe	80
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4720	3408	chrome.exe	81
PID 3408 wrote to memory of 4828	3408	chrome.exe	82
PID 3408 wrote to memory of 4828	3408	chrome.exe	82
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83
PID 3408 wrote to memory of 828	3408	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.discord.com/ls/click?upn=u001.a0NJ38DJJG1sulNx5wS1jjasHPOV5MgsCNLIOUybEqgv-2F76hJtte7st2YGE6B-2FX1yKfr0RXgDDo-2BV899g1NzMWIlhTNUDNTsyUmVijMKv161YTWcPw3uSCH0LpeX1gk-2BPOut8f6QbyJ9c7IOuhHi68sM-2FAdwzO7OTLz2JcHDDMqKzlHbPjFYo1YNDNN9PwLtiR5E_Q5Ab2cXIMO2m1pPabQGe2TXF5ooQxdJNnU-2FbLxlAGEXDEpvTsJQbkr34eAJ7bkEC2xywecepiCdy52NjUDOf1aSVqLslKuta08DaEmpT5xL0XPlDQVNftgMV4E2k-2BOFZmrbKzDhmQdaEqyL7pCdSE7vM2qSVRRylcJtdg0nbcsD-2BeGwQnDKS3-2BPBM5ibSoxQ0y2WqeIEhd9wLuF-2FnR0-2Fw1bIatpEWTEwM3c7hrc9RlxGw-2FsnOdWN3iXEyL-2BXK82ONx-2FCIJNBleng-2Fcy9n9mVVw-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc3a2ab58,0x7ffdc3a2ab68,0x7ffdc3a2ab78
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=276 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3844 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4268 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1580 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4616 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5056 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4192 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 --field-trial-handle=1800,i,189695613633182924,1006986213009923379,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ab61a648048e470cef5b0a06af6c1fd3

SHA1
f08306860c107b436de85b8e472f02a77d0ab883

SHA256
7db1e5bce2606da306c28ba6fcccfb1940661537b19be893fd8ef72ed906af5c

SHA512
c7ecfe2aa8eb00c9bd9b1dcff64357fd177c4c263c100ed4a00a986c91506d41a1b53133e233a9716c48993c0ebf36d8820eaff6003df68e12c3324c75e52791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4097dbc3e9ffdf330f730d3f2588c1dd

SHA1
a31e13cea23e26f05970636112ebe9dd73f05411

SHA256
1e2c4e5c5084b83ad43aa25a80f83c9863796c8b335c5883a16bde8f206fcdeb

SHA512
c15e1e64a7eaace741a5bb07539ffd355ef48fd0db5c5caf8f228b27ff7ad70173d9b979e69dabad8cab09867c6729aff3b81bc1b9ac49623b14c5bb5d784113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a1671ac2bccd683f404c72e6878f0f0d

SHA1
018818ccf43fb97cc3b9bb004268ca5283eca2a7

SHA256
a21d138caf90e07796cdd6401dd167c5263ead710d3fb57878bb7c8a8e1a4458

SHA512
7c97e22717ece04273eb4faa0de91fb82218898b5f98d5e7a2a81f927bdd6b2675e36bfacd9ff91e07ead2a9f0e5a8e045bc1573585b5804096d610cdec4a4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0c518e1b-003b-4118-9f24-b5ee4e8f3e57.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7f8b1952-d900-4290-95e5-3631a2a7ec02.tmp

Filesize
2KB

MD5
b551222dec04aed864fcc005d7ef0f5e

SHA1
78191f65f11272cc468ea2a9d175a43c8e5f271e

SHA256
f0998873a6b72732d1bf67d3ccfdac3eea3a2f5dee54b64f80cb0714e4e92cec

SHA512
19fcbdee920412c9fa1660a80af8eb1a24346cc7cecc3c9cdd3e1b903985c5744186cc8115308b3e9c41cefdd6c659cb30a5795b0fc233266a2758d532df1514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
81285a16ea3d4bc39a1bb8d539b8fa80

SHA1
3487e442f5255b27ffbc87f8f0732f62e0490db0

SHA256
84157d513648d28205b544646a42a6ecf7324212bc00fd0af8883f8aad8ac15c

SHA512
88af79e58f43b33d8ad11d4eadbebbab28ddce2ac423475b409caf64f8250d91477c216c12fc82036f92f5f5efceb4c66d36f11230307b5ecc1b083e5e5bd1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3ef7eb84ee1d6cc3d3a9570c3f419744

SHA1
3c314cbb430bcff891c425aada5c9e96dd0be227

SHA256
732acc7dbdae673610388c908e96efeff43d78c51b2bf032cf2a76d5016d641a

SHA512
f69254e4a52d26244551b6f8029a51d8039d7c34fae1160b5d4b31d334fad6c276f8a923e99849d861538ad0d7680fea305ace86a65e82d647c78eac43b2edb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
751a4e42efb66f6b90fb0b4bd159f40f

SHA1
35a5f20d9bd09ae91e620a91999553e8ecfc8d9b

SHA256
e45b56a5b74302a8bda9a891ee921ca9767c0c5f6d89af053cceb4d264c1b5b9

SHA512
59f7bc7e57651f4f0b583c38b9084b803e4132dea5f2c9ae113d9a96a2f34155b778014c9cc616762a14087e17ea1dffcbdb7d576a96c3f434977dd52b1b080d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6f718d2bf967f2bfc4049d4dd0cf5506

SHA1
2ce4c36c919318b306326dafeb973b1436f6c5ac

SHA256
fa60acc8043e410ba00383349571ba363ed668cb82657f68b699821431877f3b

SHA512
ce751cae77868b508dcdae8252c4f154bd9ca1de5f6513eb448de8cceb32fc34e0728aaa5fc1431dc5c212649986e654f2d5088e1e69e0d5ea8c8109f79238ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba399e0906ee4f4f76ee3b9a17350a1e

SHA1
7f1983bf63e9491902c258672d3b26cc225348ab

SHA256
071fbe1edf7d6521ca53463a529fb90cc69882d7353ed7ec1f8b09392d8db070

SHA512
9dddd30478ff425dce7d8e5237d2f21cb46778834553e24d811fe7d4415c5ebef867dca7937d223776a897f8f5963b8d2fcd088fb55d7970d17f1c7700d76b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
52ef5d754c72f4ebfff8f99b7e187ec6

SHA1
274378a1072d388fc07314df2cb296f14aacb58b

SHA256
142284dd77d0f03ff4221283126fe070327e08bef2c0bf691e128981701e8756

SHA512
690d46a7348a4586747207efd6c34f7ca29f2bd44e4c97279768fd00d0328fda21dfd0e43197c785e7c5606d23e3c9fdeb44d28cfa2360db75508748d247523f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
381636773acd5a618bfc4c93a4113a59

SHA1
f582860e5f027e71bb0e28ffe9ffd90d9c244cb9

SHA256
e16bc0270c75af924350ea8921369822ef8b8e5720bf9a218f034f951b49c21c

SHA512
dda59436251492c828c95089441877e0da397a1ce075774489a6fced66e4bc986e82f8dbd558a09709a23078c37452ea16cd5072f470d2abc87f26b393c80e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48ada4eb937c9241a67be63d058301aa

SHA1
28e6ae3340487088228fbc426f15026512555310

SHA256
05d4761d8f65502e1c20660eb03669997db1f36c3bc679f24a77d585a9f8cc04

SHA512
2298c6f0e8d21c9b89354d24a00161b4ce91159c06df087a99a605bc3e68858664fff2a5245ad86bccf4cb8e3d4d3eb0f266458bc03ef9ddf2a25ef27d482ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ea00f810c3f27aec130e1a9693c91ceb

SHA1
1a0507ad212cdc801f95b4528ab0eeac5827936a

SHA256
6b318633a33ab79f1c47e49a7df702479c5b22031d69e3dc7a5b905cf8d394f8

SHA512
ad8fd9e291e30014fce61fd0068cf52c66f67ca51914c1bfa647b0689a1bd3dd13ca584382cfd14ffc4bb9c5d40b6aa20391345e6812fa2d54b73d4d4bce1a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
25dcd605f8904d46dfc5f215575bd7d3

SHA1
ca4d9529810cca9af0cc9ce88adb79952204c8ed

SHA256
624922f8c3ba97314fbb3f6142ad8a55db905fe4aefb5ddcb09f47a6c522003e

SHA512
307d7ee4595fcbc7faa35bd200c5a31a901134319d385151fb4dde03aff008e0e81d4ffd422680b1920d46ad8e23320c9e669e79cec12d12b1d145b4fe17e0df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c10a51d83decdc97c884a654e5e2c0e4

SHA1
1b9924475d9f1163e43fb111de888136778baed6

SHA256
192196acfcd68a708cab2996829ed8276206672bdeea6945fd69df603cc81aa3

SHA512
0f846dde8788e9738d11f4b4e79a7b20e8f906cacdf6f47adf7d54b8b296f636117852b6502495fd5781f6395a093024ca2c936838ce6e3a38d98b7e97117c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
660d159056a8d3b2d28101cdb23fc9e8

SHA1
9f1167ff7e767acdf68f1cf2ac84deab29616b8b

SHA256
e3421f58276ea793acdd01077ae814fc330f4d0cd18007e36a939cd578b0097f

SHA512
b22bc3b11f6167c60d3901cc0bb3532e59b0d1650a8145c4766d2cc5963b63675a08c186c62209a88ce958ed2b00afaaf86071cf8cbde36dd5de719381b63187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fc655a72f128492e0a808adaa727bfc0

SHA1
e7b908187fefc7a1d74aa7e3a9de85519765fe98

SHA256
f33f3dd193ba03c3052c5b27196ee9fcbb8520706fdef4ed3bdf975d221c0d8a

SHA512
6a9b761c0e4f4328ab678ccf5e82545bb7f090f4ece5b24cead7ecb23e33ae1571764e33942bab42669214ea77d9601eb42c4181b68e29984c98c9a7aa883f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
f83c80236efe490bad3587c81e3b40f8

SHA1
fa88b589213507f18ba0dd5b8bb935b1792d2eff

SHA256
1e99ef00410544202fab21e4f0c36921145212d7e288a221300fe993012c6dce

SHA512
f7a41c7a42a02ada075c39f381fac404ad13c53c2ac703358988f02ce8be65ecf4ec796fb8aabb3e93415d56160ed0efde1469de54ad010d09e044592e1e4138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
ad99487cf898ee37f227c8e4a361284f

SHA1
179978b06f76e491eb073073f79ef313f34abfae

SHA256
df6c39e60f7b69325dbfb846034f9fe151e036b48c5a47e70a9691d9ae7396a4

SHA512
015f4317ab4a122079618b1b7aabfbc0589be6f2ffe44d77bc02ed934e9750abdd1e1a4fe342fff80941f66520010db7a9982843b49b554d3f480287cbb00c14

Download Submit