hxxp://google[.]com

Analysis

max time kernel
265s
max time network
252s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
26-04-2023 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133270121095125332"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2288	3068	chrome.exe	66
PID 3068 wrote to memory of 2288	3068	chrome.exe	66
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 2060	3068	chrome.exe	69
PID 3068 wrote to memory of 4084	3068	chrome.exe	68
PID 3068 wrote to memory of 4084	3068	chrome.exe	68
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70
PID 3068 wrote to memory of 4124	3068	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x64,0xd8,0x7ff8849a9758,0x7ff8849a9768,0x7ff8849a9778
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1652 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2732 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2644 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4928 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2352 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5272 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5140 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5420 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5564 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5688 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4912 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5588 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4368 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2636 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5528 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2332 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1668 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 --field-trial-handle=1684,i,16898358609011663453,11170099256625633429,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
4902d085ffd6af8d2df3d163f1c8c86e

SHA1
45a4114a13a104426ea29a8491a7e72293d23732

SHA256
6182d524a0d09661ac70c0ea3cbaba4ec8fd9b9809c94d59232758e80696ac15

SHA512
d0e384c732f141560e6ddf7748edfcf2b61c7049474a6da70a346e869a2529db860c8b8291a3e9ff4e461c7daf6e94748da68a7eb62b416488604f90540c9e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87eb24ae12d64b2c76f2b116b5570071

SHA1
49d699a9269f33b2ddd99b284fe9bf01365c4471

SHA256
7bd7f191e8fd07c3130f9a76e94e641aa1390c3bd7e3e761076aeafe3504a350

SHA512
c018d939dfe66ebc5173237cb215f1f002ee92c34676c11794172a9a04d4eb2cb45d4e7d63927fcd9de5c0ae9da6ec57979ee11c076610f723bfbc01570d2baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f86574c5e74b10399f34d2274e111629

SHA1
3102df44921bf124ce645878ca19c944f9d41159

SHA256
a3ddd93439a367c8eb9e42110266cdd40521480eed92962a5b3e377ef8d29a5b

SHA512
fc1d937158cf228cae215ced5b85b5bbb5485a30d0defa3e5dec39f234cdddcde5f7768cb2ff9f8d496a905d3a363cba5c70fa9a250ded2efdf9c6f5c6a07efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7ad481f77819e14d27dbeef754a8f100

SHA1
59e65231c3977b05778032d7b70146902d98d24e

SHA256
bf93293ab5d05ef2d80f1185c5b8faa617bbe646c54dcbbf9fd7b951922d5671

SHA512
2d2bb09a4d10e79b566d23d8fa0944ff02f9fdae3ab70439fa51e95af7d2fa4cd3001a8e14e3b15604b217bd2a7a41b6f61e85b0984b368934d112c3f670f652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
67503c54dc436e8a20d1d795cfc69ecb

SHA1
e1cc4bc2736b4ffde29e38f9f9c5e642dc80b4b2

SHA256
cd90a6aff0ba97c7f251babe573c872075948ebc0ed1e501e6aadfb6a856b3e4

SHA512
20829e95d1fae1fc32d1492cf3b0b810dbf0cc497d005f04986c979d538f4e51fb21091ba01842bcacec3599e295e0f13b10cf14483c88f2bbaa1d627abee467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fe10069e47e02ed86d942b55d2727366

SHA1
dc45057394910e5adad3649a23eb728639abff58

SHA256
23e3cebc884cf07d87ee00b9e26534c0794afaaad67ac08ff1606dc0fa82ebf9

SHA512
c677e3d86a0b9a2052b2238b5de8aa3b12336f66d029cc933b601a0a2b50c80cac392a65a37cf494b1ce02dd3bfb16dd1ea0fa1307823fdd2c1c65e5e20a4038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
bc8546dad1e1c6c8ec81178f020b59ab

SHA1
a965712dcea9a499c59acb66ad18f091c245332b

SHA256
8eaa16c1e12e5f81bb1ea91923a05d5db8522235d54cac1a7df4cb64c9392426

SHA512
4ece7755418a3f5dbc09449f1194ac9b7247b84a185982b2debd8516ebfb430fd0d6f719945107e6b5208a0d5496dbcdfb03e8ce1e5684ae395a8211df772bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e3c237f15fa2dcf8a0902acf5bbc192

SHA1
45c42cdf5e1f2ded885466b3ce43a5db547435e0

SHA256
b73c0ed13ac66f3ecf8c6fdefe92151205a5e76798def4d804555297a67868f6

SHA512
47ceae4d83b35a7a1d23e5ef461b7223b7ba765dc376ff0697ebd8f95b5919da7f43abda242670155fbf27875ed6473c01f2ced5953a93a69f99770d50cad607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96346a73fa2d3c4235350d8fd3dc47e2

SHA1
3f16db46e0b986a876691a6128b7026e023866bb

SHA256
cba952e39ff0a79eed9c898a1f05b51766105abc53ba11950e8e9e17a28382ce

SHA512
e93f94cf8538ead37488b816519957bbf65ea817cf058e27b0fd71eb10671f71ca952785ad6897de808755201ca82aed67ed4a45ff5bdf3674d8867e00e2c7da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26e7a272b1f3431fad82445b2fcadc45

SHA1
4da8afb26b6e2de034bd53e0f0acc8bbbe4a2938

SHA256
cd249d2ea9148bb579c6fb66df41390c5bc63c421c288da53cd3c01e21d269ff

SHA512
ac18fb1856beccb0d91c0cbbf5ad86f1db731c12c87caea1d92c05a819ec720496da0c72aca6ea467532cf58344ce542439234ad956096e6036ad550ed321b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91af396ecdb9193bdebbe48944f9cf4b

SHA1
166da9c3e1ee524f8da1680547d91785500e249b

SHA256
21233036f11eddace90e0776f74080c23d0a3bedcea744b6457d29f248e5e8fc

SHA512
6d271d02aa8806744251e54c1dbc3e9f97ce8d805b8342454df5b264ef631750430debfc0b410264ade53a2fd2743d2fbe58945bc6b671815591ecef33096734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07f93ffea0436376586fd888e3c97589

SHA1
0523cd5b93b85ccd3e91947d4907dca6b2819cca

SHA256
cdd9b62285c60aaae64add0568a656e8567ffd41a37164b78b06c0cda630aafb

SHA512
80cbeecfe3139ac2eb5725e0d349adb156cdbf075e561459053f0ec7eda149e67a166cbdab7d4b542ce155db5d2f0a74a18e9307de6ad6ce88f9f16a5f725f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6b82f54ce95729b993c5e759419a7ae7

SHA1
2820962cfb2ff7f3b02b1f918632452ba4d2585a

SHA256
19a05d664f82fe963505c89d4776fe7e4c350ecdb4d79b7064f9adae0b5a9d1d

SHA512
91bad9aa15b91019ac2015bd5dbf1feac04536f34318b87f53630f053ffccdc51643bf4729b6ed379c131041d85c6092ee9b4964bb20496be295558656c111cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
463b280370f75e63639a5826a2d0b228

SHA1
216db5ae4b82a85c2cf8b8bb07920973cd61a2d7

SHA256
4958b74c6fb22929400a42e4e43efda0f9f03bf92c328ade64763173680e31a0

SHA512
8f9848d06f3eb488d0586c2a793c2f2f0a2a4ed51a95203c020a845a84dcb64b4cc1a4bdf0d711b3c29a604d5d9afd7160ff7951b2d78af566d376d2d9973873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
10a7904175a30ff15629a738b0ca5901

SHA1
770682925f1068bcfa869a2c98b076c8d63474a2

SHA256
739d30c77778534929241511016dea09831b6e62413b1039dbf5ff9fde05f49d

SHA512
84db5c19d5ae6f253d044b8777a55aa962f6737c9eb49d81434eef7c48ea8758bf7e06ed58b44d55136786d52de851493bd824696d58b2bedbb946233f8e1589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
23b14572d5e997bf33bef0d7fd4e7a64

SHA1
a17228f944a5cf223ed0f0f9fb193dc6d6206d7e

SHA256
05d4b218b3647113e3e6ab904be2e9f75b6e1404a39f09a370a2c3e375b23686

SHA512
0e0d41883803e7dc36044ac8f6cbc6e8876fed30932dcfbb622dc52feeb3fda8be1211ff54c5f84d719ae6935167f6177bc6eb39039e3724c33052b88202942d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d08e.TMP

Filesize
93KB

MD5
9e32d01da71a831e1e6a593dd32e2330

SHA1
e143b4e063c7628c5ae1cdc181204bb7aa14c171

SHA256
8da6ef937b29787e55888a42ee173ae0ef7474e0beb846a70e731decb91f33f6

SHA512
8d235bd80d1453787a43a6ebf92eeb6d7762b589ee44388870f2535031dda48debc66ae2400945a7dc474b631446a29f3278b5dd9bb1a07c60f9741e69c27bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit