hxxp://asdq | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://asdq

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

91 raw.githubusercontent.com
92 raw.githubusercontent.com

flow	ioc
91	raw.githubusercontent.com
92	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608829105785258"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4336 chrome.exe
4336 chrome.exe
2016 chrome.exe
2016 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe
Token: SeShutdownPrivilege	4336	chrome.exe
Token: SeCreatePagefilePrivilege	4336	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4336 wrote to memory of 2204	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2204	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 2460	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 636	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 636	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe
PID 4336 wrote to memory of 1964	4336	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://asdq
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c84ab58,0x7ff80c84ab68,0x7ff80c84ab78
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4244 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4132 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4380 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3272 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5232 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2288 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4500 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=748 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3404 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5308 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1876,i,7189516003293281593,17292149659104758418,131072 /prefetch:8
  2⤵
  PID:5096

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4048

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e274baf848fdf719aa5f1564e271abde

SHA1
9c2024030a311d06552aefee676f79d20716b00e

SHA256
f185b3483c4b0418919dfe5bc917cad13acbc7024adf8ac3272f0ed53333ebb4

SHA512
8af3785689a1e84d199f9ba1e27ff6604401cef11b0145f3536adec12b4a3efc2f8cf86278b79b9949dee56132f389fc43a9f6a2c528a1ba6218a7ab989282f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
90255f4affeb761e38badc3875b507bd

SHA1
f0e5987f4de3b8798fe67c4f262c3d8121ba6325

SHA256
c097f9c8303373da7947c5472d17515fd5e9fe45a138d2db7688f5bb6aa53ec3

SHA512
cc96ff15e3bd9aed0c77c3e8e3245441bf96a33db7f7bbf60aaacfaf2307c73383df54e18fe1e852f98e82eb274c7abee98346caaaedc7f4bf1a981dbd10e202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
429d83196c4b2ccd067e4e22299148b8

SHA1
1eb05a30c86425ec9e74bd1bc9db750bc440d5cc

SHA256
5c1a6ed57b684dcf11a43b31ecf697abfeb56fe822a8bbde67043ac11ad363b0

SHA512
eba62681ef559e866070bf7f95901e9d4a1a843690ebd2a4d31542a7cdd976af98989a54d06ec74d19014c0ebd1ce16012b6018046ac9ffe9d73db6b07147562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b45dcffa3fed47eb741283be09f1d170

SHA1
301f1a698087ed81f71b675079fea1818a5866ed

SHA256
f77ef48cf832f243765ed4647c1e9028b4523f2246568adea549b1bb893d9761

SHA512
baa2d7c45da307e722f31599069a0b1cc08ca3baba33729d8abd0a8e89d93fad54af227351e84d4438053a3e016827b073e8af5a5a6d1195f332d46764be318f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
442b242aad478397a19c5dccde038f12

SHA1
953d7c707d9484560d684ca327bac19f23e0c245

SHA256
c7b304712793f1d0ced769b40441821471b6173178d125af4a0a0e00cc668ed4

SHA512
cf438c7f980b7f689a67d90965e859af6f0fcc7da591e4f5f663059320c795dc7075f8372cd2a70fe4488d0a04118b90b7ab80a055583c6943fbc71b10d208ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
463f7af1b8abe02073ee8b9eb541d5b9

SHA1
c23f38ea98c7df78be780f7d7a3569a9a904aaaa

SHA256
10e16df96103518b43a5ec726073b900c22dcf9fe77737f95d8ed1acfb0a9666

SHA512
e7d61b85de5f250ef2474e8384ce0f48688d781adde2cebcefeb495f2487239d90159a61b3f44711f39b2dceea0b2fc5927124a35438edb88cc436accdc17dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c899d93d36f6eb466e115bac4e3ae4a3

SHA1
4a889e597b5730a156580c16a8336e878dedd83f

SHA256
6501b9e5b4ae52040a4d26192c322f3f6b12b1e594596fbf2fd3ec32d8e14ddc

SHA512
7e2e225e3c5837e0d6119525713e46b0aa62cc59695bfa87afb742b0e5d0292394f8b388fe122dd722be79eb0b3a8f42dc6c6129b23482e58eeed8aa1f253277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
932883d02b68329cf56dd390f4b1bb55

SHA1
4dbb144ee85276c39043b25769dc5f57591dd4bf

SHA256
634ce95ceacb7816a295e52c979a312d4ca185d5542ad820342339cc380750cb

SHA512
b2f4b2cf54415f218ee927bd967f757d4062d8130aed6baa6f2ef64de168587132b47bbeee6ed277c247f6b4e56ffd1e42c029e8571146284dffed71f758dac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e37e32c9a665648e81a43e7d38c45ac7

SHA1
31394a16c0401844225bd8bd541f684a2fa3fc82

SHA256
fb4e08f669c320416cf87c127bf83d89706bbe15907c3519ff4f026ed7fc26f4

SHA512
9fcd27b9ead775c2880135d81cc9868b429ce70376b53ef0d5da0aecd6b902cac7eb6eb00962c37ef89a0cb03649c658068354e839e11c6b933d8d7047f630db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
762460ac88705e459bc98c17d8193f14

SHA1
924cbc3270a09de3eeb9d57307bec1d149bdb8a1

SHA256
8ea253f72cb7b0eff55f65dbfb280710ce5cbb60339222e33a416b0d7f959ff7

SHA512
29a2aceba82402929815ec5d016ccec96624d45efa0d4736af4b7e25951a31bbb6ed91663f20354b3958a165f87567d6a6cf7603ae0ac31014a4ddc27960a19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75380aea781ffc42df196fdc2b111ce0

SHA1
f998b0c9ac65185be9996a6e68e6b4adbfaa7b97

SHA256
7317afd68bb653c982995cc8f878411a0058ee6519ee626c6d784e0a7235512d

SHA512
a546e28aa80be6f03dba833c5865b6655ee60e20fd7e59a64c12964df4cfe05d8d2e3f052d43e2c00f715a03d2e6da674e0e2fc6c8d75d85bb9827880a1d150f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2f7345b0839708451bf7d831fb73c481

SHA1
2172ff5655eb2bbebc182976f6e58bbced553d9c

SHA256
f63482ea80cdfacaa9593247f356ccd6be9a6d112949ea662b424682055f8b64

SHA512
98670ceaded65be28c90132203972bf195b62fdeb4475cde0e98931bd19bb0fc97d6e1781a6bbf741b190958207412e0c39d10d3678be8b1173cdf9e594ad276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b376e488244005725a148071f62043c6

SHA1
955cccf6858d4889e0c6937675b5ef23c8fabfb1

SHA256
f53d6a58ce2ec2450a49701a5f9554142d8fd1caa6af92dad62340600fa36b72

SHA512
c2c1230de7346a22ff43c5506eaee885a53711a27f11d03319d2cd6f0235b12893f829184675dccbc3865d347ab149310053ea4ad796a468ad98b32f35692638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a84c2dee64ced91fedd4832b6bd8aa6d

SHA1
791f265cf1d60688ba5ec49b4cf8218bea746a97

SHA256
f134edc4c9a671bac85611fc588b0d1e4408f18d0dee77e135d26476abb6bfc3

SHA512
650418810a62c05d729e177f3714b6bfa50dadd92af5e6f017ac11c323b6f5794e20d2a53c8ea26964336584325e2b3d07eafcf1a5e60adc80eeb136267d441e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
802ad44f5ff4ec949d147cfc78d8166a

SHA1
0e336dcaa2cf730e6c93982dbd3647b965c17341

SHA256
b39535ebc6f3d3c2f121d1ff70c8efbcaefa1d9d1440b05acae616daccf5741e

SHA512
b04d1202678f1a8e8a4eeff666dc4df2bcd15e25e3d5982c21b10742ad71e52299c2e4480f24c2b0a421c5544ad40100ae87115743938a1f89001aa31aa8b03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
182e984b18cec2d2b7f52e5188c25abf

SHA1
56a4babced8438a3b1d6789c758a488825cf14df

SHA256
82be4c1cc1c043cd27c6199da55a04e8734f3fec94bc81907aeaff31156e660f

SHA512
a0e866d4fa6cf42fe32c4315bf819e1b5a66ccb6620f3ccdbc4b7e19e1324ac950d36bc96505f044224af74ccf02933952bfbb72c9a720307a2f5834accb234b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fd8e897201acb5ba52cc41a8f1ba9990

SHA1
8816a8f6615ab7ea839193f3ef809c907d434771

SHA256
66db547623efb168cf1a02e29d9eab6cf4f91bbce981a5793edb3e8f6a9d102b

SHA512
94b6cc6d48395354203b13e48e123c15bed6788b83b1b7af8eb16f0117b8c9ccacbb3adfd4eb8fb96b095a6d2bd30b21be8f6cabc622464d258f93778f270631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
25334dcec9cbf5d93e8d5696e26743ab

SHA1
5fc4996fb8816fefc0f3d7094226998f8dac4833

SHA256
0d058a4bf38ce5a360f7efa48577c79863658e221e7010d65000cab21b97a408

SHA512
919eb9f99e4e757225fd9abb96ceaa67f240aef81c4523bb9faf8bffb28ceabe8a948dea416835f1f48151c64b8153ddb9c1e3a4c051f8000c49b106b939fe54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
73ee7651003c4f002fd480a66d3cc3e4

SHA1
f24803e2766948d8fa4dc03178f5d84548bed1bf

SHA256
3a5dad3cc8470decb12f1ea083a021254558cfd7ec468214f584b74b9c4ed99f

SHA512
fa416b94c480099c8a3dd06b0a6f48113cefc3071f44f7ef9b3f4f2a63fc9648d2f5f43b5fa2b36095213b9a4da6ac2aff29233a34095a8680344e2506af07c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
79a6526fb2291812882d5e39aac2682c

SHA1
6caf31a3a2450032460de1d4f3df2fcbb8ea4c98

SHA256
fcd5c88f6b2eafc53911b910895d7947802ce2893a86dbeb35edfe681c9ba2d4

SHA512
e60a138c36ac35fbf8388cc97373e625aa3b834c2d9fdae41fd2d27bfddbf038f38f2111d8ae36edd9a983728f1d9b1cac80610f5165b49157e7f91730043fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d1a0725be396d7a3d49e55960a8fd46b

SHA1
8bf1d71163604738abe05b6dbbc7d3134879cf2c

SHA256
f324c924439fc2a6ad5c6cbf8d3fda42e81a31c93a763d2d5d02e5deec59d607

SHA512
553f881b007663baf9f9aae99a07c0b64ab4ceca7c0a77353542fa7a4fe39336b5828069da7c7f67f8debca6238e7576332c0d179d684594ce0eb9c134ab391b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
54d9695c545875cf05d2d775bcf0d256

SHA1
1aede69288686720b28195b462d0e445b54c8b37

SHA256
dee0d13d4e1529f3ecb9d13b3cf840d9f4e5aa565f061b2f22a0d73001e74cb6

SHA512
1bac038a149840711df3d0950ac989b9343a2720e17413f47dacc9cbdd29ff270a73ee1d612c0d76dc0732beb9be443b114abc65c23af2b4d43e397293a5eff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
e2ec98a68ef36066a88c8569ca99ad1e

SHA1
f8b36300a98b5353787c676d5472f557603b558c

SHA256
7d0c5bc727b0ce3e7ce209a17d4204fee83cc38fee69c86ba343b436085238ec

SHA512
719ddb651375fae3d9cda290e6d11b7fedff421aa011d4add504e2d9c921a7290cd5fb659d2b2f05f548a145cd922ea92118b7e74283a718f46285fad9a9d551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
fb0944672b81933b5c3e5b5ac41dc786

SHA1
80aff06910426bba102ad274b656eb34bd23ac4b

SHA256
2225dc1bec7e057e14ec5e0f39833d154873ecdce7e702787e0924e852b1760f

SHA512
25c15a311178c01bc2ccd607aaca9e27c53ba217014dd14a9d034166c8689362c8a4e14627e1f5130f644d8a97aae1c130d3d1ce6128ddeab733c74a2e0639b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581fc8.TMP

Filesize
88KB

MD5
7e89bb4db2e52c8f73a7fb47e1b9733b

SHA1
0ba78cf3405d7b554bb12788a681b6473f4db0f7

SHA256
b129d4247f081cf5a344a19b2a52dcce7f5782b076a44b8539ae42fb2ccf0b77

SHA512
b9fe5606fd421f82a29c382948451118778dca6fc2317b69cabef7193ef549cf58f989edf7907185c34c238cb793f063f10c689131023c382569ed9114bbfefb

Download Submit
C:\Users\Admin\Downloads\eicar_com.zip

Filesize
184B

MD5
6ce6f415d8475545be5ba114f208b0ff

SHA1
d27265074c9eac2e2122ed69294dbc4d7cce9141

SHA256
2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

SHA512
d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Download Submit
\??\pipe\crashpad_4336_MOWUPSQRBGBJVURA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit