hxxps://psriskmgmt[.]insight4grc[.]com/auth/password-reset/7cfb2534-727a-4bc0-a87c-3b5e24414af9

Analysis

max time kernel
160s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://psriskmgmt.insight4grc.com/auth/password-reset/7cfb2534-727a-4bc0-a87c-3b5e24414af9

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{8AF71B67-BB87-422D-B3B6-A221D53FE8FD}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6B82529C-431D-48AF-B6BC-240B1B6E05D5}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B8CFF5E2-9102-40A9-8452-834E6854BC97}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6DEF5A6D-1743-4EE7-A774-D304712C402B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{175F6867-4BB1-418D-9620-14B1040FFF85}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1BE5717C-B36B-479B-8B28-54B97E45B02A}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{EE05D5DC-4826-4824-A2E2-7B0905A63675}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2A06F3D5-8760-4FFC-B51D-AA14D82E7FAF}.catalogItem	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324330820698549"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 3692	1312	chrome.exe	82
PID 1312 wrote to memory of 3692	1312	chrome.exe	82
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 3896	1312	chrome.exe	83
PID 1312 wrote to memory of 1916	1312	chrome.exe	84
PID 1312 wrote to memory of 1916	1312	chrome.exe	84
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85
PID 1312 wrote to memory of 1840	1312	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://psriskmgmt.insight4grc.com/auth/password-reset/7cfb2534-727a-4bc0-a87c-3b5e24414af9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff59ef9758,0x7fff59ef9768,0x7fff59ef9778
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:2
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4808 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4540 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5060 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4784 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5632 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4812 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 --field-trial-handle=1844,i,2210230198117131739,2784432097750173888,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1368

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
171KB

MD5
bd9fabb2e7434eb9ebab7b28e33ec6e3

SHA1
a1cac8dd06b30bbec8c1f4c7348dd25ad4849cf3

SHA256
f6711de5a380979c740e0e42170aa58a07e1ed63b31a606b77844fc8461a31ff

SHA512
2395c72fb091a739f132ea2fcf8a34c85d5dd7935a9bdb0803df900b108085e79689f240acce0174b89e14387d21f8ac9bc1de6e3e85a13da7e96a47b05c830d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
ba343a3c55e79ac140f0a2100c312106

SHA1
ee6240834c37a9c81e7530735381cecc0c21944b

SHA256
70c5b35e8ba989a60de7f31b071f8d1978a67d2946f17cd8c18acddd220d9eb6

SHA512
c63db3849ebaa3082a467537bf780349da9d3286a9c56e457f33b67ac193e20d9f8b1208dd745d23b92380a6bdf33cb19ee09882ba665fa2368ee622b449530d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fd3900478ebcadf74045463fcfdba546

SHA1
79f09dc25d89a7164b2afafa62485b9f09d6b340

SHA256
d6171feaf5bb3732ae9e8d5504b7c962a5b25a654f9eaad39fd93169b9828cbe

SHA512
26af9a9bf3d68d511e40822c06419dc1b1f5b47a863130da23e659837788ed9f2c43479f9b3e3d51bc04597c4eaaccd1847a9e589c4dcae5d73e78664f682c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ea9d7d51019eb9361df4e387888a476c

SHA1
3ad1d1f786146db0c67991d05f43926c0aaea199

SHA256
650476047be8dc7b200e5f37846983aa7fc619345692abac3703b78817fbd049

SHA512
e4200caf7178cd5ecaea9d03bf3077b2a99844b98cdd516209b66e7d71455064233d4b5f63251276fc0b60947619e6a10a4446da9a0aa4d500a31483a302f1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
707da61ef3101e7b8537efb6d07535ad

SHA1
4173902e82d3ff3830245c55d979e466fdaf5a7a

SHA256
cdfc6057e53bff44989bf5fd81a8148fe5455b43fac0453087f6b9d2171d5f5b

SHA512
0bedd9ea85ab6185c201ea35a8ddaa27669b01649a5a3b23686c4fdea10ab31878673575d9671c7f10c1ea90fb983b3399a1bc2b251e684d1bd9fc7e38f09271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1ee8b963601637693485d780bb725ea

SHA1
b89c55921ea2eb4452a01c91d95183cfb09a8cba

SHA256
1fbfa28272763817bc155506072b9e2a24932b85fc01c36166e4b36a1f377bd3

SHA512
f40218828f78a9bdfb09a5dbedd678f15712941b9895623d31f7a07c946c5e4df74ec7599e33f12b021294622b6c2351c14b61333c80d1b82d548ace4339b107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e95f79ed79d7e8cd49ad07ea7a86f362

SHA1
ccbaf7ab2aa779e14d5eaf9f853ef5f26bb0e067

SHA256
acca6cd05287a19f0c1afb32efbadbda8dd61ef1179b39ed9d06761c18160c46

SHA512
d18814c6a574888794231dad35242ef0eeaeb45eda3296b76c88bdc7db643225d748df70421ba9cbdc30edb42a9493e0e54a89858605f764394303ee39acc03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
298eac140b8c19a7e7c7d2873ba3f8d9

SHA1
84bd1977c3a75a21e1eb436e2b9da9267219434b

SHA256
38a34b2ba80e3f667864f1cd0dff1466054135978a2fde1c4cac7ef6e49ba1ca

SHA512
b08207871554a2d6cd72c8f2dd8de6f09415e1f7b9915ed1660c296bc25f804795d04bc12d5edb475fe698dd1e23be0deee05858e5bda3f9808e043e08517083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
25a5e9fd567fe94b7031d901b1f6c3c5

SHA1
9b805e26c8e2b0824a7ffd7897870920c5fbd8df

SHA256
06d4d8d29982854421090adc460a7cb93dd9d9af767adc07e2bef85acf8d0f15

SHA512
e6a3ccd4cf20a66c76c086b10f782018a58be11ab2ca3250148d9ea6ba4a79c1701b754a730a11ac838fedd3d80f712270d0611011556ab84336119548e5988a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
8cbf30212a18e736acfcd394d0dde89c

SHA1
3594dbfc67a95bbde35c1189e6997929dde22b70

SHA256
22ce5ac072013dfc07c21ce597b382566fb995e5d1f5322bf6154ac7f67f7613

SHA512
95b54234e913545941895d6d6e6cfe4382a9db62bd7f11361a9f5f6132e5513f892ccb1b24012436cc0bb56300ed76b6e253884b6577772dbc4eeb64d4f14bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
0dcc6697dc90df17adc2e3f9be21b913

SHA1
f52e7f6032aa25d162c6889530809faa474e5d83

SHA256
697d18fe5de28a388ceff34533b404557ba4152f97df5601a6cec6f6ff62cb04

SHA512
fa8d809b66650371fb73f4a9bfb8aa17b0936853c116d8a0d5bfc0930bcfda3978a09010d5c24109e650fe8d3082bc33b9212ebb1537b24799ab6746fb94d2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572db7.TMP

Filesize
97KB

MD5
248aaaa6bd97a15acf5bff08353cabf1

SHA1
01289f250c89ab8e8b0a449a7b5362a674bcae7c

SHA256
e4fbd05355ded0411eb63db907cec0741646cb0688a8affb0cdb8d2eb52cb65d

SHA512
99bf044b0b340b558991d72ede3f16978e274cd26813136261ebb2f84e42a7e7b90ed69a359c349f440c875ed2757d75761d6cc16bb6e0c867fd781847e00aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bb557cc2-ede8-4736-b932-cf460bcb5d05.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit