hxxps://library[.]perforacioneseingenieriaperu[.]com/#RjQmbW51aTBENCYxMyZGNCZ6ZXBjMEQ0JjEzJkY0JnVxanNkdDBENCYxMyZDNCY6MyZSYnRNe3A5MyZFNiYzMyZlbWppRDMzJjEzJiwxMyYzMyZlb2ZxcWIzMyZDNiZFNiYzMyZ6ZTMzJiwzMyZwYzMzJkM2Jm9xS3NbWUVEcGljdkIxJkM0JjozJkU2JjZDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkU0JkU2JjMzJmRzdDMzJkM2JlJidE17cEIxJkM0JjozJjozJkU2JjRDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YjkzJkU2JjozJkU2JjFDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkM2Jm9xS3NbWUVEcGljdkU0JlJidE17cEIxJkM0JkU2JjozJkU2JjNDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkM2JnRqaXVFNCZvcUtzW1lFRHBpY3YxMyZGNCZ1cWpzZHRENCYxMyZGNCYyaTBENCZGNCYzMyZFNCZFNCZoTlZtbFNxcW1bVXFYVzpSWGIwQklieDZqW3U6emRyOmpjcTJIW2k6RFsyVkROdlJrTmpXVUsxTzRjcDpEWzJWRE52UmtOaldVSzFPNGNwOlRjd09uTTFPNGNwMjNja2VvTTVWVU97WkhOeTl6TTdOSWQxU0liMTMmY3B1YjEzJjFDWWJ6TzNkMTMmRTQmUm9jbTJYZWs6SFsxMyZFNCZSSGNxaTNSbDZYW3hDWVoxMyZFNCZFNCZCZXZXWGNteVhTbVNZWm1LNFozMyZFNCZ0dGJtZDEzJjMzJmtDVURVdjMzJkU0JmVqMTMmMmlENCYxMyZGNCZ1dnFvajBENCZGNCYzMyZvZmVlamkzMyZFNCZmcXp1MTMmMzMmPjEzY2s2emMzeTNjM0NGY3FLb2RtT1hbajZUWzJHWWJ6NlhbMzMmRTQmZnZtYncxMyYzMyZ2e3dJWGo1ezMzJkU0JmZtdWp1MTMmMzMmam9jT1VTT2MzMyZFNCZlajEzJjMzJlFuNTF0MzMmRTQmdHRibWQxMyZ1dnFvakQ0JjEzJkY0JnplcGNENCYxMyZGNCZtbnVpRDQm

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://library.perforacioneseingenieriaperu.com/#RjQmbW51aTBENCYxMyZGNCZ6ZXBjMEQ0JjEzJkY0JnVxanNkdDBENCYxMyZDNCY6MyZSYnRNe3A5MyZFNiYzMyZlbWppRDMzJjEzJiwxMyYzMyZlb2ZxcWIzMyZDNiZFNiYzMyZ6ZTMzJiwzMyZwYzMzJkM2Jm9xS3NbWUVEcGljdkIxJkM0JjozJkU2JjZDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkU0JkU2JjMzJmRzdDMzJkM2JlJidE17cEIxJkM0JjozJjozJkU2JjRDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YjkzJkU2JjozJkU2JjFDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkM2Jm9xS3NbWUVEcGljdkU0JlJidE17cEIxJkM0JkU2JjozJkU2JjNDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkM2JnRqaXVFNCZvcUtzW1lFRHBpY3YxMyZGNCZ1cWpzZHRENCYxMyZGNCYyaTBENCZGNCYzMyZFNCZFNCZoTlZtbFNxcW1bVXFYVzpSWGIwQklieDZqW3U6emRyOmpjcTJIW2k6RFsyVkROdlJrTmpXVUsxTzRjcDpEWzJWRE52UmtOaldVSzFPNGNwOlRjd09uTTFPNGNwMjNja2VvTTVWVU97WkhOeTl6TTdOSWQxU0liMTMmY3B1YjEzJjFDWWJ6TzNkMTMmRTQmUm9jbTJYZWs6SFsxMyZFNCZSSGNxaTNSbDZYW3hDWVoxMyZFNCZFNCZCZXZXWGNteVhTbVNZWm1LNFozMyZFNCZ0dGJtZDEzJjMzJmtDVURVdjMzJkU0JmVqMTMmMmlENCYxMyZGNCZ1dnFvajBENCZGNCYzMyZvZmVlamkzMyZFNCZmcXp1MTMmMzMmPjEzY2s2emMzeTNjM0NGY3FLb2RtT1hbajZUWzJHWWJ6NlhbMzMmRTQmZnZtYncxMyYzMyZ2e3dJWGo1ezMzJkU0JmZtdWp1MTMmMzMmam9jT1VTT2MzMyZFNCZlajEzJjMzJlFuNTF0MzMmRTQmdHRibWQxMyZ1dnFvakQ0JjEzJkY0JnplcGNENCYxMyZGNCZtbnVpRDQm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643589658039475"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
2260 chrome.exe
2260 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe
3412 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3412 wrote to memory of 516	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 516	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 752	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 3296	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 3296	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe
PID 3412 wrote to memory of 2348	3412	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://library.perforacioneseingenieriaperu.com/#RjQmbW51aTBENCYxMyZGNCZ6ZXBjMEQ0JjEzJkY0JnVxanNkdDBENCYxMyZDNCY6MyZSYnRNe3A5MyZFNiYzMyZlbWppRDMzJjEzJiwxMyYzMyZlb2ZxcWIzMyZDNiZFNiYzMyZ6ZTMzJiwzMyZwYzMzJkM2Jm9xS3NbWUVEcGljdkIxJkM0JjozJkU2JjZDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkU0JkU2JjMzJmRzdDMzJkM2JlJidE17cEIxJkM0JjozJjozJkU2JjRDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YjkzJkU2JjozJkU2JjFDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkM2Jm9xS3NbWUVEcGljdkU0JlJidE17cEIxJkM0JkU2JjozJkU2JjNDNiZ1dGpNdHRibWQva0NVRFV2OTMmY3B1YkM2JnRqaXVFNCZvcUtzW1lFRHBpY3YxMyZGNCZ1cWpzZHRENCYxMyZGNCYyaTBENCZGNCYzMyZFNCZFNCZoTlZtbFNxcW1bVXFYVzpSWGIwQklieDZqW3U6emRyOmpjcTJIW2k6RFsyVkROdlJrTmpXVUsxTzRjcDpEWzJWRE52UmtOaldVSzFPNGNwOlRjd09uTTFPNGNwMjNja2VvTTVWVU97WkhOeTl6TTdOSWQxU0liMTMmY3B1YjEzJjFDWWJ6TzNkMTMmRTQmUm9jbTJYZWs6SFsxMyZFNCZSSGNxaTNSbDZYW3hDWVoxMyZFNCZFNCZCZXZXWGNteVhTbVNZWm1LNFozMyZFNCZ0dGJtZDEzJjMzJmtDVURVdjMzJkU0JmVqMTMmMmlENCYxMyZGNCZ1dnFvajBENCZGNCYzMyZvZmVlamkzMyZFNCZmcXp1MTMmMzMmPjEzY2s2emMzeTNjM0NGY3FLb2RtT1hbajZUWzJHWWJ6NlhbMzMmRTQmZnZtYncxMyYzMyZ2e3dJWGo1ezMzJkU0JmZtdWp1MTMmMzMmam9jT1VTT2MzMyZFNCZlajEzJjMzJlFuNTF0MzMmRTQmdHRibWQxMyZ1dnFvakQ0JjEzJkY0JnplcGNENCYxMyZGNCZtbnVpRDQm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef993ab58,0x7ffef993ab68,0x7ffef993ab78
2⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:2
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3396 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:8
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4948 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2476 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2660 --field-trial-handle=1952,i,7606952594154410368,10673513951837181106,131072 /prefetch:1
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4196

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b08a27e607f33e0b2c5483736e7dacea

SHA1
7fe80fcfb69d18177934f03a4f8fb2fe582e1475

SHA256
a51acf61b0a93720f46fdcd936f21093ddd6d4fe4a943f742db8fdd9a780f7ff

SHA512
c1d25d9b862bacf49c44b3bf912aa6861f08dcbae6a928cec3d44a081d84f05c7acb0eda0b993d4ed3ace86581cbf71ede24d159700dfd5b09866fdff56b723e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
7dbe5219a67a9206cd3e124175c17c6a

SHA1
6804255cc82df0981a061d71d6f0c0be8359e792

SHA256
fc84fc799758b6d1368d0167132944aba0627368f89b0a1956d6a5fcfd20bcf3

SHA512
7bc97c2d83a85d77e26c02a200ebb102cc8e7329f772cbac086127c0ee93ab5aab56361437552d1a48539a168f2e7b4889f8e064b68fb3e0bc2ea6ac9048dbca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
e0bad088849d67406c74e104685d43b2

SHA1
5b8c0ad189c82fc00916c0e86fc86b56164bb7d6

SHA256
7a8cc0b7c11c93b93206e7ddbbfd42eba614abe1703589bb2ad35b282292947b

SHA512
e9c51b3d0b30019e4fe1e622e971eb6bc64ad4e9028ba6db4b837d812ef683b114b9d6dc6fec1080cffe2ca1768a3716b7e1afd898ce81282464d7a693a0c05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
0d6ccd5c8aadb03663d37672a8c94d7c

SHA1
4bc8cad7d5a1a7087c5b91ed102b7f7f92231416

SHA256
df188f2ca47e44115769ba0e8f28c52dd30d225493d864fc86d4c41ae144af60

SHA512
623528ee4a46af71e84ca484bc1b74a0c4524721b34d784ea32aae7eb4a5c9e1345a5803854d5030022173da05949a855a1da022f201d574725c54ca0e9b0219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e0ab.TMP
Filesize
88KB

MD5
8d177a595fbe59c4eab173bd121b6f71

SHA1
b1803502f97af8f7d22cb1463871035cc6f7f9b4

SHA256
26332e34fa61352af747812eeecc0d3eab19cb5e05a2f1c4310bb8c8bb67f18c

SHA512
c337c09344c654b955794082faa5de66bd4979dc03294da2b17c0dc5b3ff024b47752a86018bc40fc28cc3a186b8869f729f18843f5d5454c64036b0877c6563

Download Submit
\??\pipe\crashpad_3412_NYAVCOWFOAXAZGZH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit