hxxp://google[.]com

Resubmissions

14/06/2024, 14:31

240614-rv8f9avbkh 6

14/06/2024, 14:17

240614-rl5zrsxgnl 1

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
16	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628491759462818"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 4544	4404	chrome.exe	82
PID 4404 wrote to memory of 4544	4404	chrome.exe	82
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 4024	4404	chrome.exe	86
PID 4404 wrote to memory of 1452	4404	chrome.exe	87
PID 4404 wrote to memory of 1452	4404	chrome.exe	87
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88
PID 4404 wrote to memory of 3580	4404	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0071ab58,0x7ffd0071ab68,0x7ffd0071ab78
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5104 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4628 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4748 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4724 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4172 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4992 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3416 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1532 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5168 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5948 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6104 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5888 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3372 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5556 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1816 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2812 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=728 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3208 --field-trial-handle=1920,i,1870024356798172818,8554605870668071786,131072 /prefetch:1
  2⤵
  PID:3472

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e48db6e460c46f667005576df229066b

SHA1
0942c38f1459b7d671ea3090144b66b379285e42

SHA256
7994fba6fb04a3d73a4a7159c5f3b225944b4a96cd64200856b6d4170e4467f8

SHA512
608466077061383eb73f6ec7e5a58ae5794e722411a68fbf8cf0cc4d44ef854fc592634b39201c9683b42ee60edebdd40ce41a8f16897f9802c7979c0f5f244d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
851f75b0f737f00fc4f17149bf93b54d

SHA1
ad8f100bb6e3402ab60324449a1924e63cfd3420

SHA256
cad4d7da3c85a47a1442191c409554a44ec7b5b5335fe5fb543d3b25dbc9e0dc

SHA512
c279fcb2b47afec4bb206c7ba130fc1b76f34db5730bfba8ed5af524f195bf969131457fa322e6c7145427e3e7466d64136d7553407fc0900f19e651db31c21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f4a88c8d22d045b1d02bc83b95a851fc

SHA1
0d2262f1b904b527b02501824f57454ec11f3bf4

SHA256
b41f3efdc9059d2973317a9b596214ef46eda443bd6efae3695b3431c2e5e913

SHA512
a07e15ec910c9011eb152c163a3eb6ea86777ada1556a7a05e93e6eb1c9a9cfc0b419a8011762282cdfd073733a5033e99c0153a4d1b9cd7d0782da7cca801ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
001980bdd88726ec30dbbfb5b1d70f2e

SHA1
d2cb823709ef27f3705c117e941b1e651f69982d

SHA256
1c28c42b1e421a3fc9b72a168480f05b04920f302b0585b7d06fc1314238a16e

SHA512
077b7a9f89faeca4b681066a80b7c31b188dcb10c55b77d9ca05175969f968bfc14fe1e3a32045d6ff79e0044c4e44ebe38fa13701c1a1f290fa380b41809527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
7e1550c9302da609bf806387ef29a8d4

SHA1
4dfe74536f92cf2c475ad79c2a5c540938999593

SHA256
21f4410bbd3165fb87c0588b4e902ac45798dce2c4a74e4428bd9e5996dbeb62

SHA512
ae8351c89fb64e4d89e93d29a8e972111b62a0af50b3c11c54ae9028e984f1f5db90c6feac8ccf6be3523f34a6255f368133566506b201053e1a315854b3b991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
4fe5b3a4ce36c5890be0a9a473a3da92

SHA1
dd9ebc6b93b4f280ec323bf683a05b9da06619a1

SHA256
bc7bc2cfdfc1b3d426cd228c218abfd665982d0bc68460a3509b7d7f922a5c36

SHA512
c8d325fff03dd2e6d37d8242022a040d72307c59c782575bf6d0f81c01e11446ae596223709695b177ee51d3f36844799e78f760572dd25c96ac7cdf01d7eb53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b1831c851805767ac33d6657d8c73775

SHA1
e82a203fac854d60bfddbfba1fc486c830a745f1

SHA256
4823ce94823445b4fa9ef2cf0292e4299625dc7d24fb87d94bd7b4f88eb51d30

SHA512
11e9b3eebd8b0b38bc918bbefced6fc5f955c9ccfdc76bb4b04abe32e407733b8454d206a5c40f1f008f9994b2d4ef1d56757617da3b5fabacf8913eb4e3daff

Download Submit