hxxp://gmb8njvyn5[.]coasthetiv[.]tech

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gmb8njvyn5.coasthetiv.tech

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636612889533780"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 2948	436	chrome.exe	81
PID 436 wrote to memory of 2948	436	chrome.exe	81
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 5056	436	chrome.exe	82
PID 436 wrote to memory of 1504	436	chrome.exe	83
PID 436 wrote to memory of 1504	436	chrome.exe	83
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84
PID 436 wrote to memory of 540	436	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gmb8njvyn5.coasthetiv.tech
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde423ab58,0x7ffde423ab68,0x7ffde423ab78
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:2
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5088 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4928 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4132 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3408 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4812 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3320 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5108 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1552 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3024 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=736 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4948 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4880 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5016 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1656 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4388 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2752 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4996 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4332 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4276 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4300 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4264 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3400 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4428 --field-trial-handle=1908,i,385605465275415106,8001323928252336312,131072 /prefetch:1
  2⤵
  PID:908

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e619cc10ca273100a62dea50f2cc225e

SHA1
9d5145c256d497d17ea48d4e69d8b2cdc726485a

SHA256
5fd414d489e2d057e2e99fb714a4663e92a3796862fc092f069319175c810bc1

SHA512
8d53b806a4ee48ec823cbcfc985963c7be508398a75da7a64d72dee676ca86168c67c9897448e03af8e6052ad4e2e6cf2c286610228ccb30bb3d8a6c0277f907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
263dda3338188eb84712f1a3da6a3ba4

SHA1
a78848f245693ce79a2704a279c382e2256568d1

SHA256
98de0b6730a431c9ff6b40361eea446383b96776f30d9d29b18a27fbf9ede1e2

SHA512
6ecd6de9ba9af82551336bdd156517bcaf4a2210fe38a9bb327fd90c3e6758b657da76a40cb3cf6d77a365cb241abd36c599ea0a788a38cc2d9c3d69efb480a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0f030d426aa2d7e7f3e2ab991bb5d288

SHA1
3f032cb0f460ff4d6d8a248c9cae477b63b6692c

SHA256
af621f1a2af8ea05b12f97611ac14de481d94fa7884ef29de36ada62896dced8

SHA512
840c39fa25b59e8b38c02daf4e44a8665b2db06ab23470d5f65b8a96edb4370a13fcf0f1e49a07412560ef1c12fbbf4ba9159891b8d9db9b32bbd0449d343b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d86a181f958120a27dcad8250c6a6054

SHA1
c3b36cc3dedf4186d00e2d5c996a5d83091156db

SHA256
1fb217dddab657bd94cc4d3d0b8c6deb9c1ce08b1f16cb25404c97d92be345f0

SHA512
75399dd735fd06a5ce6472c710ca7431835e157f95ca90a0a347279bf9106b718ed1acd080e23f8e8ad928e14f68dc6f31027627f588ecfe93c3e77ce40d4223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2bf0178f42f83300c9fd8ba9ab096dab

SHA1
2d7c7afb5568960bf05822ef020e423db67f9400

SHA256
53bbaa00e1d8a580ce8d46bfa7994527a0dbcfd4824eb08340cdf3c4cd502994

SHA512
6e088a4b0052e18bfa70d9581a1facf18dc358e66f434e534258f5f4f777bfec2d6ffda73ef7d1f2a84cc775326574203946f5e713b899be9d8828d9fb756d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e3ea81e2e41fc871fe0b8d7fcf37d4b

SHA1
61183481ea0f7d73ad673b2addc36273311c8f49

SHA256
4bd8268b1bcad39dfa552ab1dc81362daf887262d0989cc51c42b8a08c381869

SHA512
6470f0c3da40a5a1b6f634028aa4761a04fcf2a125d472a002d1b4bfbb613522ce5fdc531683497eb23a9c6932a403d31c96110ecd6d117dad826487dadc259c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a6ed0f613433ce8a77d0e5a808ed83d6

SHA1
355473c1c043c936aa25ef4e6515162e47e0553f

SHA256
a7a3408f2056fda27230c5d4130712f6067643f687db405d5db77554bce635bc

SHA512
0ac2b6cf0e2b74dc4345a69a1c036736e6c77bc1cf48dc5006fed9c78d7c7adb2307babf4e142e25036fbf97f741d412fb92d41f58f6bc2d9733ab54d7d78f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
d0310753e113de76db5979b18d8261a6

SHA1
84b7cd5f652421296a3777151529ef30cbfba4c1

SHA256
a1c55145954954afb3c7b41df7c51cc724ebb1287957852b49f53dd0fceebae1

SHA512
496196e4d7bf9d8f6f05b66b81408409325db6ffa39ced404eb7b4f873537a580387f1c07bb855e33536b61f1cf3bc89b602c8f5b876ced7daf919e92c161822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
e974dccac55614a0ac18846c429db7ae

SHA1
07097e12c02d249e41a70d04be5674ead003c7d6

SHA256
a3f21cd23d9bcd633ec3df16809b0cdc8d6f6642811f4b8a70213dba02a7dec3

SHA512
26974c4264cfb4b45e0091675762dc4dff0aa0714e622356c148f9c5412f7f7b731a9c1ef495d6713d5964a187034b11d576d1a981abd4c77d835faec1dcb6cd

Download Submit