32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Resubmissions

01-06-2024 20:19

240601-y3xhaadh2w 1

01-06-2024 20:15

240601-y1w4qsdg6s 1

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617465881944265"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

984 chrome.exe
984 chrome.exe
5780 chrome.exe
5780 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

chrome.exe

pid	process
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 984 wrote to memory of 1464	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1464	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 2776	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 224	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 224	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe
PID 984 wrote to memory of 1852	984	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffea4379758,0x7ffea4379768,0x7ffea4379778
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:2
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3760 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4816 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4264 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5400 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:3076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5732 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4964 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5208 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2904 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3820 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2636 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2128 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6008 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:8
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5952 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5004 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=748 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=996 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:1
2⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 --field-trial-handle=1888,i,5418608164016192705,17455671711757497932,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffea4379758,0x7ffea4379768,0x7ffea4379778
1⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1932,i,7453126350511775494,3712738566370592839,131072 /prefetch:2
1⤵
PID:3680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1932,i,7453126350511775494,3712738566370592839,131072 /prefetch:8
1⤵
PID:928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bab4e8f6d4a10192f195c0f1e4018894

SHA1
716c9836b694b4d498fc7800d5492eed3d592c69

SHA256
ba909b7ec623ca21ec174193bee6819ae9597b07ff8fe7f4b99102bdd7fb2848

SHA512
d092197fc90d9d917f022b0ad1c09881158fdb62e60986bd3beb7bb6ca5acf44f9a5c0896f7bb89231deffb1cffd104b907a058a9ce89d7c202f56484cd4d2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
68cbe496d95320982166adc662855d28

SHA1
9e4e97c2cd14dd173fbd16aa27127a545b72b640

SHA256
1e814f36ad4d5f2bd0c44d3152da9e9d1eb25d72d8fa4c9a2fea25a9d8d39a08

SHA512
87b81f9ba1353f2397b2adcb473bbc47f7ef3fab404cd80e3f0859255c878d77c5fea20c09ecd1bd8974a5adc914f5c7a61c3e0a5a719d5d79c34f6daaa51161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1a999ee8c4e10d92580edab0c5e20646

SHA1
fe0e669bd5b86a5b95cf0fb32a3a8ac6233fd970

SHA256
b2c4f3188b1df2deae4c3c2b8d669b79e8a1651c776cb3c9ff60d0521b89c847

SHA512
4920f94796528750feb198c2b0cfc12c82ea704b2fa808886010309274cf9ada928e1f7ee5f709c5cd71e81bb987fa162bdd77fb6482b6532727b9e1c821c1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
ad6018e5df3714452e4b2c733464afb0

SHA1
309632286249b07a80660ca37077e28943912184

SHA256
96f34ada67b9fda844f3dc51c39290d15584a8b6b5fed72fdb394c12273b5a4e

SHA512
d50aa355a6899dbeebe0833692c6a45ff9c3361cf15b8fc36b36a1092b52270001d47b6e2222331c09a91f6f287a9dd1410092ba1d6640540bb810a447fd322a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
18d30e591e30b41a5b3c471bcde12e3c

SHA1
13a1e5daa3b6678b74291f978a2652a96543546f

SHA256
0098fca30364d15aecd5a620f5c12ad31310766a7b574175aae7d66492934076

SHA512
59588ffd04628801b9120e72a022823043d8ef0e21204417bb953dca107b0b1b3ac2a7b57b4d76d7b4bea0cc1e7e2a045d00f7e884c98dfcfb936404e8d34493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c3809f8044b940709c86415f395d6a97

SHA1
f672b63ce0af84eb54308a52c46e4be80d8c55d2

SHA256
9cb87b73b819c329660c566022b5dc2bede3703a93a305783954db95c50983a7

SHA512
29f221250eadaec93ec4680602a37c830722f93f73c31e59c1cfd07f569a67cdcbfba8add70162b6647f0f17d168168674755dc5b98b7d9033917a5bbbe94880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
5fa69ce769bdfc4de3add645895ae1e3

SHA1
4438a48e7d16cc83c3d3fc9085b5b379f0308671

SHA256
fd7ab6aa7d2bf6cc32b4827e68a9d5e38bc42fb6577115a6169491a00c89f33b

SHA512
894dabe53ae88ffe23dd0eabb74034a9ab4aaaf20a7f6c1a441abe4a761c9f5b0a0d3f5684716de75b5bf694a9f3ba4714afae4a57ec27cbf256fa83837dec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d0c9d95b05c5c6ce68f6fff92a9c51b9

SHA1
66a90f10533a5b6a65828981ecc77c5e50e8a14a

SHA256
62332fdc60f1351a92ee175291d5a9968ab976b92349c1ff061ace3753e5cdf4

SHA512
50f009624b17d3148e87db2d2fefee7231852e907ac598f9bac927f8e03700844b61209f886640c6e5bd7c78d8a69c64a872c906cef2f1e0803bb4fef09e1874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3c754089ac1d163cb302e75886a2d76d

SHA1
7b0d7b02621591f974ffaa486e25861a7ae9b85b

SHA256
34f2eeefd536320b8dfac0fa689ce8324920f77e07166333cbf0084ab3091749

SHA512
2ada708ec501b1d59a922de09229d349150ac321292aa0c3c22fc077a94b42c19289e8d552c0971d3ac14fc56fa255e8ccf0a1d2b7c54b201f3a453c1d65fbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
20b83c11e9176794ce574ae2fde54e8a

SHA1
ee56abcef71e6a7ecfecef8e541565f673aed54f

SHA256
77adb86c7a34875f3756c001cb55a760f72658bbe57042602cf893af04934155

SHA512
0f3fde3efddb8d2e95f54d1b257e065e69f0015000e3f8198bce6dc3776adb7c515d5223fb282067ef75966d43990a3b414cfae011743401cdbc2ee1077c3d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e4985a79ab4465e87bb1fd48d6520b5

SHA1
099ae09682e4ce958e3c63ce7b7e3ad78a306650

SHA256
c3111d475e95ead193780374b36af02b0e0a365b68e6e3751f6bf4216580ddc0

SHA512
2aa2a45c57648bcf9fcf32da17af88c9128bc7fc4dae8ba51f6e6a9ff46ddcabd94f06d14b8726f777547cb334ba438f5eef5a6f7994096ffe0644d2c39209d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dcbe5ad369fd7bcb012f70b90a56d26d

SHA1
0dc633af76f34d84136f73b46e3bd1afa6545088

SHA256
199e85f917d39e9c08412ac1197270f479af4aa33de66b1d6280deea7b5e8b33

SHA512
36d5d74783f02772b138fbf05ba3d8f3c9b3ea52a3a0f0cd6c4273b94a81c0c8327c9da73f93436d48239e2c613617626c9e51e97ecb9cbd425797420cecd065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ebeaa77c68d3f449c88797ac01caddba

SHA1
514a1806aa8de2c66ea450b786182f78f44b42e1

SHA256
b8c7a2326a2466382e02f954aa6b40d994e3f2f81e5f67db5044dbb936e81692

SHA512
299c8d13a133ba34e5a24e8f918f1f71786e7343e4e354851e3b2946bb1e28fc059d6865be94ffe3131e039687c53a8d243786faabd00277434a30087a864914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b61430d2-eba2-456e-a369-d82854d9a026.tmp

Filesize
6KB

MD5
e48272eb3cf2e3afc884ac5cde948a5f

SHA1
cb5c7d39a06e7ba9ef756d698ef42d6f8cced6d7

SHA256
b542c4542576a36010f9307e910d16a05885ebd26a284ffe5390ebb0c8f80475

SHA512
0768cd7204961802e8610f07e0e38439489503b8406dc19e264c7eb6f577e9ad4460e3b7d0fec2a2e5f80aa625d8a98b9de0fdc74c8f4fc646644ff679f02c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
729b330efdc674922241dd3440c6f3c7

SHA1
e751c9df451f05f1ba8b188a7011ba0b8a7a1115

SHA256
6c7a94adc9412e0a5a184f5c03c829cc86eb7db90f3e0d43a782cf7fec763556

SHA512
d36324756a6f42178682d94feb1ba444bd69bf730f4e877f88965230d9945185363148eecbd2f3b66eb7c1ec59a3562c63e0d4a95da82c5a61853e35356a2f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
f4c96d50fbafe3117108bbb2e83d89de

SHA1
7f88464f769bf73ea7eb3dd7a617d1352f75a514

SHA256
f34a25332c00f1e36aaa7401ef4c38f7b0824824a10ac16a253edbabef0ef6ca

SHA512
817e444285b7c925dda8de8cecc31de8e0315f8b4a284eaab2dbb93c835b3f469d6eaf8f203f3b69a2cb10602905d1b29b97ff26696d17bf783cb0b46578c060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
fb34ff9a96a8900a06a13d98047efa66

SHA1
521db072af3829a3a118e5fdb942463bc96224f7

SHA256
6d6d02fb68dd313fa425f2138fbfd90c13e4c4146e703c5957352892025a2375

SHA512
a2c1a0d75ba944cc70cb3b6eecf76e40b79e9c79251e9606e6d03f2f7769a5fb3fd9020404543ec19e04d0f9ce46ff0549090a56b1fc7536925f25b4b3a57bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
08bb6aaf054ba60ae95219c077d6520a

SHA1
008e481f03436af4743ffab139c68bef3d2e5bad

SHA256
acc2d48fbd63fb97918f73e915ec5340176724e00b8cc063ba162e0c460c9daa

SHA512
2c1ce85bb586a61116965270c6b5c8059ff8a29cdc458141e047c3607c85189eba7142fafaa220e28b8c34cfd663815fce62c54cd12044dddd2e4cb27f252cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
64b61c262cba60377ac6762d26890c22

SHA1
a10d8d972ba8e0cbb76a9885e4d63c352f5b05c7

SHA256
ae85c466d5137308d1b19c7b92271c95a1fbadac3ac3aab120afbd91e8916fa0

SHA512
8ff50e66aa4dc28fc5898ef005ba3269bf39726588a6d9166c5231069a2b6ff5d71cccd75af6f2bd1bfea8512202f4e24ec0aaaea86c49535565bcb99fa7768f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5876d1.TMP

Filesize
97KB

MD5
4c47459fee154d522881838bb5cd8c05

SHA1
1484b6a59400c4a8af1f56da4551d3633dbc7abf

SHA256
379691a5dcee4ce293d1bd6ba0f2ff54ad81305487acacbde1e6b5c94f3fcf98

SHA512
576699226afc7c001c2c9baffbcbe8e06ed8038bd2bdcda065b97261dc3d9935b5db9c87e03646940599f0644a449596d10b87f063d8928868ab83217255c44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
4a7861d49b2b8fa9f04dcc5245035698

SHA1
17aef64a21ba7f7d3dcd3feb35a4640acdc19926

SHA256
0c0b77187ca13791172441c97af832e65c0bc778944c0b2d4c29547f8a3408b8

SHA512
01ef8c39c4850dfec3a85027fd07f3d4ab244cb4661fbca521f4a10970ef0278347d374d8e3099b3ea8fb354f77580958b335b078899830fce9b655c89737145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
c1f4715333088866542f897e58ce5457

SHA1
b237dd2087f9508503adc30f381d670da0fdaa74

SHA256
e1ab609335b2ecce3ea36d3e1f5a98c6feda821f15a38c03078af9c4e149a428

SHA512
6c922d06f6ca6de19ae15ab083d624b39c530b0586fa0ec659cc5611e21f535ec58b02cba31c916d283a219a280c1bbc332cc2e2898af33cce2562ecf131601f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
d4446ea65a931c6b48bf0df9587fa469

SHA1
6456274942464a2b40fef4b75de3912669bcff43

SHA256
b9b1f7cdbcb86081102f1a0a9af641d1512bfbbc75c26f69b329772478cbe3d8

SHA512
9d56da11702153ff9bc207d8a514851129d4f708ce8b3605f06fe9d1561bc4d401535eae21ba58e65264cae2526cc357d3cafb2f9013a8bc21e53d47eab9ac1a

Download Submit
\??\pipe\crashpad_984_RYCXQZWHZLBMYAZQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit