hxxps://theannoyingsite[.]com/

Analysis

max time kernel
1799s
max time network
1795s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://theannoyingsite.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248717046994519"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{77FE09DD-BFE5-4B69-AB4A-175EF5B286B2}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
5432	chrome.exe
5432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: 33	4384	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4384	AUDIODG.EXE
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2916	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 1936	3100	chrome.exe	84
PID 3100 wrote to memory of 1936	3100	chrome.exe	84
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 1992	3100	chrome.exe	85
PID 3100 wrote to memory of 980	3100	chrome.exe	86
PID 3100 wrote to memory of 980	3100	chrome.exe	86
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87
PID 3100 wrote to memory of 4580	3100	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://theannoyingsite.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd94e59758,0x7ffd94e59768,0x7ffd94e59778
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4564 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5180 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6852 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6824 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6684 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=7276 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=7644 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7936 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7244 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8012 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7212 --field-trial-handle=1780,i,769672756086827169,12637445768988495906,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4384

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
725dfadacd7b746ba806f956314d8daf

SHA1
a217932961c1c5e788d3e2ec98f0451431d564a3

SHA256
5b496c58006f91bd0a1b1c08789fcf0415cf2ff1c0ed2044e9dd0f0a7d29679c

SHA512
ab63cfcd15058ddef4623d6da2e286658a5d225e31261a55829b1a4d77b92d91dc18d02cd71a5c0bab2d2a395a1d7aa91194764c3eb3fe6b2632e25002c9c8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
1024KB

MD5
66e8d3f233fbcef98b88e11acbcf6ba6

SHA1
2b8b441695468ffcceafc2c4820a64632a98ced3

SHA256
28e490622aa7aa0a7ca15f3b804ec193205908d99b1402594b08252d71e7c731

SHA512
d151aaa04e68f4f19fc403620eb68525bd3e064b298ac6482917908e14e28f7b9970e8651621c682ec8cd04bf963cd716a5decdc43234863415c9c753015ffdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
1024KB

MD5
2fe924eb16f814a9008dc97a104856c8

SHA1
f9d78de81408385bfa4f1184385e332135e1215b

SHA256
2eb791e0e334f9cab3d281b689785a0002b4f41ff76ad0f4c400179250d941d3

SHA512
58c24eeb11382ebd40211ce62de89c1cf0c7cd52e7d72734f13ccd0592c49ee7af2eaef5e376cfd59e72f00f86f819f1e248f1d69d34dc0654c5153398ac11ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
c2ec87c46bdea497f5cc64d2304d6c36

SHA1
d170f86347ad727d8dc65fa44e1db524b626a3ec

SHA256
9d5942aac3c05f9eeb1ceed50d211dbd327800e0c627ccd244744a0e17ee1c87

SHA512
63d453d0354bc0bb099776b1ed653d77eb6cc0eb62e591131fd5be8bd3bd9ab9e47fb4955eb0e6d5aa8aa50732a8e7344f996b823ba6d319a6734b966ca4a996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
f2130507d08c71b6153b9f0a8ba3a54c

SHA1
71c0fbcc6d090579e3f033c389baa9d46c6c07a2

SHA256
281ad10a51249686d512543c201cc93c539f9d2aad8b8db3460f8cb024ef5321

SHA512
db95eb9404060913e06582014149e2db874cb73cf9b255fbc7de0b4a83fd5263e7406989b302675cfe255cf940f1bc995f3da7fa5025efe26fd29565978b817d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
afdd53cefb969eb558a3cc74cd42e2f2

SHA1
04bd1c09a5d252667da544efd941e354e1089516

SHA256
faa82cc0803e16c8187acce96c638ac5f9dc39478fb361a93f2f7eb6c8b56a05

SHA512
f4e3acc2cfa26c61fd1f596ff24189aa22aa3c2264adc89dd2ba81c0270398df98e539fe47aaec3874df1dea7a4ccc08dd6abee9edd96e9ed21a6af420cb2870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f5cb7a0119004083c08850bddd5302a3

SHA1
b55d07d0d8bc5bd1f81bfa9c5c6574fd70c483f9

SHA256
ee7eb95b19999d3ec3f3748e1624c06518fd7cf716fccf8f0879094103d581fc

SHA512
ce84b0eb1280c74b85312ee532191d48c23e01dc9473f94f938b86a5e0bbbb29d012c021800bcd5a69c82ba4533dd80a1dea477eadcf78f5cad590a5c400924e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
03489a2dfc3ce1fd8e129ea30edccf0c

SHA1
fa0dcb9875885d12095fc5ebd768a9300d129306

SHA256
5e4585324f66c82aa3dbb08ae1bff8ea305c71e74df0b13890cda44816f0e217

SHA512
dbdb0acc6f2b39f84449a17074d6710e9ab18191e3d1bf2460960a377eefa980c1f8cec263ca50b22e72ab774fd252072234776fdd4d50ebfb628c9f1d6e833e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f14e1fc3e4f89200a1ad7da270f2a2e4

SHA1
289b5e2dcdd8ab74b951817ebe8d6ad727a70e9e

SHA256
93b502aacc676f4d1ff55d6f5d0092fbca551927176c079c2b73d7430dedcff3

SHA512
bf045b3f11435080c949bb95e259997a915a11c3f0bca43c007ad75e94404934ada5c5d38d7aee35770cc9d03ab96251bd08cc1c44bf23806f0c6631d59daf4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
441a18f13cb62a0017aabe6d8e3f7101

SHA1
3461596df8c69e308643bbde8e9ca6f2f08ec6a8

SHA256
56cdee80c2c0426a8df12de9a93f87f48e006ca784cfa2672fee4b9ba9323577

SHA512
2bd5cc1645a14038782a33142f8e2a589a83f28df6fdaa82c66c086659e5de937c6b2c25b9453bb65aafd4da036fcb4ce77cacc6f0af805d8f1ac8ab96d98a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9eb18872b549ab5a96bafdd4d1538f10

SHA1
abb5d936954856d58d95010528d4deb2eee1f12a

SHA256
8abd7cccbf251ff0489fd062112c0f3ff3474858a17d987c0f65a98023a60f6b

SHA512
a263de585b16483098d604550cc7900052f7dd96abf46234dc70fc2ceb11fe6888b8cf2e0c9c5c011d36f30057fb5287864f233ac689d94d6a7361be42451d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
828a2b289b7f2d44c4de644ab6c728af

SHA1
407c7405bcfdd5e3dfb91588252f25dd5564530b

SHA256
46886441128ae30c56da49ea33d78669591ba5e6d5597d956bd95eb8a51b7864

SHA512
6a4a2feb8fa9d474720f4b3b63b15008cc001ec4d25d289d6c928c3de6423e58a5d748d701f3fc3cd0f6d51072121b0539acdde8736108075cce894618051b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c13180f24871cbdd22cd34339a387287

SHA1
546761abdc787c5068c80338e28a9987e91f9256

SHA256
52eb87d0a7131be17e08502af27eb88997b819cfa807f8efdc2a5f6e6544cfd9

SHA512
077b4782fc62f7a68dc05a20c9a40e9846c81616e62e4bad60d24e84728444a70469f2d745be0612014127b881c0d269497b5a31c1b8c2649fe8258e02510990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ba6334fa36e0532d79ff69aed2e1fde

SHA1
94a656d423ea689b218c972ce5450e8dc465fbc4

SHA256
bcfdc6a709bce467fa0518e1c6f740256a0d7552e8aa946e981ebc8f61403fe2

SHA512
8c3434cb3e7423dde1d5392ba1f33560daf95a0842458aba37b553b711c7893cc2c9ce9f5dad1189e5adb4943a4ee0b74a66b5de0b4680bf4a1d112c58ee9a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1e167cdac2f7405a31ff21c04d274c8d

SHA1
bc193d6b9d3caac9adfee27c8d5f02ca4a9fb9ae

SHA256
e8e45325fae2d22a643ffd110e2697fc3900a9fbb4d1eab7b74445c1a26ee7e1

SHA512
4516605696ab12a547569f268b0053dc75879fab3a2c567ab75d9f65c6639ccfafdbe9e674c927a0603cdce697573f6b11fc956889699903d50e2f3f938c240f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
40a09389cf966382bb55fc25d4463f0d

SHA1
0c3bff24f2c84b7038b72e41181d7901baf689cf

SHA256
baf50491ad1ce9427271824770d707f81e93247607a40fe36f36953b3ccc4532

SHA512
6d00981c1cb886c27bba79a7035ca378606537d86a82c92069d7b0c2fe6149fd6938c042d25e966ba1982033d1b272dbb755439b407c185c8e24422b9661e3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
d2ac5415878788c9f517a7687fb7ae31

SHA1
637c2ea95b815d5ac15f8518ab4d0547584467ae

SHA256
ea9f32b2d9e29e08ef360069539aa6e341aa8d986f9990b835a8508e1353fec5

SHA512
c89e9a921227a4eeffcccbd1380e6b718e9a67e31f68dc853a10e60f28516ba69c55ba3fb0769da0b00ab35f13499460e51f4c9bba572514b692e2d29341d88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
244d7c1f89170603eef554faacc563cc

SHA1
dfd2e35819e0c8f76a75256a38b019a51bc80155

SHA256
5981ddc35e0ee8fc85b6067c64072f057f5ff0cbcb5e08d3122a49d5bedb5a72

SHA512
bc78f93eac3d945b2df53578ceb6321e5d34c40284cea5a37ba6f3f8373482dd25028e19bac1276679e1cf85110a75d8b1e128ef2ef17ed6ee4a73b561003303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
907db0b32a0a839c3fffde9fc17dfe0a

SHA1
6ea6a97bae9c8d866f84fce879e755faf838f438

SHA256
4230ec4f6ada4f91c937a600029a82e1aa57bebcce0cc0ffe8cb92f51db95461

SHA512
8fdf55ffa9bb16928819a27e972eed6b3bacc9ef45ceabb9f704a8b22aa8b10542e3086e268db741ed931a44635395a0087ed55fa509389fe7df614331f6eaf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
123KB

MD5
831f7f338307209b075a7bedc03d8a76

SHA1
8727bdd3f66c37067b8b93d43e5fc70f4a201607

SHA256
be65f4d06638c92ec559261df1d1c19f2ee22e5bf2257f616dc8b132fbdc7bd4

SHA512
e6a08a635103c8ca979889f65b64fc91662bf53e55f8117c6c2e6cdd753dafc4e67f329cf13603a91e6920e6ee5a1c8a86e676d960a6b5472e0f72f708ff2ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ece0.TMP

Filesize
122KB

MD5
0e29aa3bb6ffb050abaa80b2ebb5cc8b

SHA1
691d16321f168c1235d110af7ddbc684c9dc9055

SHA256
d9413d507a3587cb2fe93b89326764be9ba3f76ef7cb20d67e87ed346075e98f

SHA512
178960ee3bbf474b704673923a434252f83de96a3e348bc52a38eaa8c0fb5275a69081e3615be2c70a43de810d41d46781a8172a1163ffa7ba9a962f10da93d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit