hxxp://telesat-news[.]net

Analysis

max time kernel
36s
max time network
37s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/07/2024, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://telesat-news.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651210377800297"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2924	1308	chrome.exe	74
PID 1308 wrote to memory of 2924	1308	chrome.exe	74
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 4500	1308	chrome.exe	76
PID 1308 wrote to memory of 5024	1308	chrome.exe	77
PID 1308 wrote to memory of 5024	1308	chrome.exe	77
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78
PID 1308 wrote to memory of 1840	1308	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://telesat-news.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb2c1f9758,0x7ffb2c1f9768,0x7ffb2c1f9778
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2628 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2640 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2828 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5460 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5620 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5640 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5300 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5360 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5344 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5792 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5336 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5656 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5696 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6152 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6732 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4428 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5508 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5796 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6036 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6140 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5924 --field-trial-handle=1860,i,2794372549454209561,12450560042180417906,131072 /prefetch:1
  2⤵
  PID:4312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
102KB

MD5
022c9781d7093251699061a186484bf2

SHA1
52c2c993177d65e4611685c9281d2b5a57e87218

SHA256
5faf4462f3335274f34012bbf56f078ae965f41d9df192a85b33b15bfe4e33ec

SHA512
7d3f9c086a4a68393b17e565a32ea72448ae59d6da4f6a264a077c2443d1d925bd1ca2c536b9fe87b48d7ed77b63b8a554bdd68ece0273ac7da5fc3a5d632020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
52KB

MD5
223d33751208e14654ecf9c2ca14a02f

SHA1
f171846f252242fa0164398c9159bccd1b454363

SHA256
2fc2b7bad8bd1bacfb24be256e7e49e8db6b332ba5a3e16a7166432efd2d7b09

SHA512
7a463fce10095d1cf9e61e4eabf20d47960c55d7c6f8fe2d63b1e7921ad602795b6b39ff4642efee148b776c79d1a9bf3c8fd20212361481ae78a463db56c650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
75KB

MD5
90335e23e34350151ec2a2168b92fea9

SHA1
db8a14c9cfa164f1d0e4d9a30d4ae9e68897b9aa

SHA256
0e292c89c28513e26c5ea83b8ba8e065f5ab08c5aeb6af72901a12a5808f7393

SHA512
e97212ea643bce83825cc9d5caf563fff5a8420384e15fb6bb52190b7b240becc1be2e2cac080d610a07f9691be05e6f8c25dc4f915da671e6db0c7105837e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
85KB

MD5
16e5567dcc77bf22649e3caa83a7f1e9

SHA1
2cd4ac9ec17b458550bdeb27c06ba813393cf153

SHA256
c72d13550fcb948589111b67401e3a77bdc0bfdc695ea389136cb6f889e9030f

SHA512
954104be726c6ab2d0e59ef9e107faba3fff3fd8c6ec7edd2e6fce77271092aed5783d49442418ff8cde5e22efb34bb53c139ccffbc946b36db63a7ac7db259a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
143KB

MD5
fdf603dd6ee3985084286af54ab479a0

SHA1
bbd72838a4d819fcbd51a9bc15e2cee013e2b048

SHA256
edaa9fcbe7cd0cf1b20b5042b839da5d357535fe2ed31d3be426bd0fa72d8dad

SHA512
453c1b5be0c22eaddd05b873d880b75e78626b1ee08c702e3734345ba0c1d4998e258450fcc8d4a028bf4ae206712d3fdc7e13242486ecb1277d729f08878710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
214KB

MD5
aead79778ffa95a67d9797ae71b2c6bb

SHA1
6c1a0990559ef8f45d48fadc4db8cdc005d71812

SHA256
c435549f92873e2f0f0fd9695f937d2ccf112d79e84031fa7d7303e93bf6683c

SHA512
c21709456b3ef1fe39cfd4fcf130354f964ea3ae854be823a2d5b6e4a7b7451cb7fcc4964c36876c417fbfdf77b9bd08e81873c7c02d0c71783bb0b0e80f70f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
25KB

MD5
9a0f7d2a920670476a01f4a7f17238bd

SHA1
3089faf82cd4beac6a96fed4eb77e46eef175f3a

SHA256
dbc716271f4d696ea4209473b7545fd393a47f2ce344bede3b471524ed35102a

SHA512
a4779fbdd9cd767af9e3a2ba5ca518b5ee78eccf48cc88cc27724077a9d75188c2c5d59e0212e3c3b05ce6d0cd0a0049cf7a1c474ae27dc75f94886a966007b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
80KB

MD5
bf999f04fe5a6c8a00f615882d96364f

SHA1
21badd0a582ed48198a8c567e28c43d317b7ce90

SHA256
4fc63157afca55e1bf05d5eb68dd6572ec459774335e9e55291d2c4cf3274160

SHA512
dacc31ba19d5d274c609b8b53a7d8f8d486281c103661c06bc3971ec9518d3db2ea10177bbb49ee191079856180ff2a3498e5f3812a7399040623ae4e284bd4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
63KB

MD5
1f63b30eb1f4d138e7bbe4cf01349aa4

SHA1
7c34b0c2fc6f949551b9fa58c99d035d6e6a6002

SHA256
36da78f31189b81a9edf717d77fbbe93faec80b01b7d14d43972cd3a3e71e1c3

SHA512
d5f91ec7fa94eb7f62f1721c058566e4eefb620777dd2d94ed908f8e2ef3b0437c44972fa193924363d0869854395f0e5de6bc694b33b7e5ab6f51b666e5b872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
19KB

MD5
9dbec782554ff613b549c2b667c67857

SHA1
d81fac1044c42656a7df3f46c43b33e3c9ae72c9

SHA256
8aa672a751be805b7accfa6c6be9281948137b970985057f1c8dc78ae264b1a0

SHA512
ba33a2f9bee5cb7d3f196563e58184bd0c4a52eb92e7b0afd359c4f1358bd2bb07845fd6ab28d41c4ae7c0d5e931afe95cb30f8a80daee4e97990aa9f609e193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
20KB

MD5
75f4d34b443e0a3a8cb49c8db9db1975

SHA1
c62a665af984f19e83923c55e68ecd08c0f65ed7

SHA256
0a1ae61c5fbee61b2c1fb67a5a16ba6e006c818e07686a41075c7839fd5cb60f

SHA512
5466922989f347ce37b89401df1c72d690d9ab2d13e67aa55e3b3162d7fafb4b55bfcb2768501fe8d08af5fe576c4a4b423be2a06313efe0fda72c7135f50d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a578627083cb551_0

Filesize
266B

MD5
45a11d2aa3865bcf81d43a41c00d5968

SHA1
3afdee132956b048f56b60a3f6f65dd70e9df742

SHA256
05245ecf0a40fba5128e12abd068d3866211fd39c168395c394a382aeef843ea

SHA512
66f39f957bfdddfc48fc1f9ba3ddff588e5778afdc57ca2b9278e8f460078acdcc84619198e0ac35ce41e6cd3bbaf106df1a1c2883e634e15fe76af3f174d585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6dffed74d8667ffe_0

Filesize
352KB

MD5
559f251d9cf3daf5b576a7a814f6756b

SHA1
3ce49489b0d7c6da27fd5929d56d03ce8b380bd3

SHA256
3b7edaefa20214977625391a8dd4918e157b522d2877950005fd5dd3bff0a1d6

SHA512
59b85ab72baabc75fbb7cb3b33f23f5f7b5a26a1fec6997467cb1f693b5f5930870337f2bc84a92b66ca5faed6ba778dd10177d6feee8521d9fddd4674acb45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9f86d28e5a05cb84_0

Filesize
274B

MD5
6a36b0b480b226867065fb362fca6f08

SHA1
70ee76fec01c1f77f7b37f50c298331e82a8eb80

SHA256
60d6156f77c9a758b898af77f0fc0fc02973ff24671387ed9b51dd58bebb6039

SHA512
3923a8ae06bdd315a8b7f655cb7319540328a64e80e8ed6c66a13a0f720481327f6fdf93199d0cdc295d6fb9527b094ed89ffcd95019ddfa747765fa69fc4f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df53bad28ea1e322_0

Filesize
303B

MD5
74bc78446bc47283536e651c03e12224

SHA1
9e9cd6d42a4225368fe35883c3fdac7bb100ef06

SHA256
073bb72b8526cb2823c8d1390d8d77b73faddf90b2bd358ca218ccda6330eb20

SHA512
ab019ae8e68016e4d1c8fbb1204d82061136cd0cfe3d7737914dafb1c62a40593abb5c17e0e11117053c49b167ed0360264df48176046477f5d8c009a4a2d976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
84a0cca5da4130b89b913da726bd18ab

SHA1
9e0676c1dc530397c09614bd0f7a1364015dfc15

SHA256
b96ff3ae5337fda61e9e489fffbd48bc73d6107ca27b063c8723d74d90d2ba55

SHA512
2ed7c10c4cb4c9d4daf7092e4eb93abbc9099d74af37d02ab76c75d763ef12841da0390378bb3b96b3bf7f56d475ddeb96f29882ef5515fb76f79feefd62bdc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5d68008b5f8dab8f4aa586fb329a14d9

SHA1
ac9284603f2b7030f6004cee6966846374d239c7

SHA256
65cb3cb3865d1c4c4ecc1a4d52e82ac0ab1b9d33990895960afdca5b4b568f95

SHA512
5f8c7ee7fe7796ba08f9361a84267e96322e824791171934c678dada17feeb1e6e07239f9b01b11cdafb0a88855b0de3a5eeaa329db81b53e0c4d8505814dcc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b46ba55515ba53acc8bb4380f2e888ac

SHA1
44feed41197bb3f7390846dacbcdd257d8c33bd0

SHA256
dcc68db9172ce0b75819caf56fcf64f8c8ad1e00524bd2f68d9f15fbbf2bdc2f

SHA512
2f73f94ea32c58f0355d608748d2899b4078e0e931a486638729f2beb8c4be9e20be0007230bdd0305b88d1208cb0fbd7f299d24d36e62326765dc2038b5c605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
427beb783b79460871d0317f65f95702

SHA1
25957e2c3b70a72f3b4b5a6ece8e79d28ecbc61a

SHA256
a5986b3e0ceeb4b72c529757182462a094c40bc753c81075bab16aa3403f40ff

SHA512
545292a87f37cf51964588c99378d39a5be1e43f5d074c6e568d21f13e199f6ad7f52119626a2db2b8cd068a927217f96bc674467bd369f7513c50cd28c4f3a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
efbef475bcf57b5bd0aeafe7d0db9976

SHA1
f8d997f9b17f290a851918f693bdbd687c6c987f

SHA256
304d8f5b78444faa32efa9c449c1f4b8bc3d7a6914748750ad0ba1075f9083d9

SHA512
803fb93e70f371105bcd1c5ebba89aab925edb8957b4bfb4abebd3a15a874b5f231f8df1489c5e1fc0e97bea198ad4ba18493824d232b187bc3346935c7f3c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ef91473fe3c45101b2241eef88a62431

SHA1
e77d17929910f90a3d65b30bc8a1d5e6368bcb44

SHA256
308c95fd1836b8cdcd0b295ae6028a2fe6898f7385ac0b26573037072b3d2cf9

SHA512
014942e4ddb956e77848355cd5d93aea13a51c6861cebb646af33d0573186d60dbaeb525e82c665f7775fa7c1d7d4849394b8ada526a932b12511e96d9971c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
9728d04ae5202e97360e953759098faf

SHA1
fa77a4af9a88cb29e43624332161b666c2746580

SHA256
1ac2da337760ea2b8d072ca4ea5c526001353ab4e41f25a71c7064dfe92a0756

SHA512
e1f49a68bb152a8f13f32cb805b36f72cade4d09d22b3874b4b0a481bf55694df2233a09d36d22015b6d1c0a3f2bb8d34329a024b762a632d40ce5d7ed442e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
14f2e2728ce84bec60ead44304f26ca1

SHA1
a92f1c7e0ff581894f5ab6860cfc5974e0e00a42

SHA256
4b72f44fdb8a1f3b25030cf22934f75f54244534264cf0f58ccaffb23786702b

SHA512
d44de6bc56962d7977a3055b86ccf0ee64efd7ed6fdcaf5615f6d7766fb52be04d9a3c1d339cb5551cee52b77c4f3d5f38037189c19e43409fdc6e7147ee3763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
60d980c9a99b0c2bf5c0aad8165fd746

SHA1
fb28c4d58165eeffae37b5141e53a6fcc5376f7e

SHA256
7cbf9ededa5a5004d2d9898eb397d8bec6dfff29804ee71a96a9dcb9baba7d4d

SHA512
d83a4785716a933c4f0ea186c3797fea692198f14ac96e26e4fa2874e2ae4715479284e9b17877dade0c97833d11f8941d9b9ff5a85eb1e9ca97bf9d3e78ef8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit