hxxp://worldreport11[.]site

Resubmissions

10/07/2023, 19:36

230710-ya7sjsda89 1

10/07/2023, 19:35

230710-yandxada88 1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://worldreport11.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133334913920685590"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: 33	404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	404	AUDIODG.EXE
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 2336	4772	chrome.exe	41
PID 4772 wrote to memory of 2336	4772	chrome.exe	41
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 2044	4772	chrome.exe	87
PID 4772 wrote to memory of 3124	4772	chrome.exe	88
PID 4772 wrote to memory of 3124	4772	chrome.exe	88
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89
PID 4772 wrote to memory of 3788	4772	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://worldreport11.site
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd30489758,0x7ffd30489768,0x7ffd30489778
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4988 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5240 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5384 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5468 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5088 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4756 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2724 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=824 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1660 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3292 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5744 --field-trial-handle=1880,i,3946601373022385727,9763116516980986039,131072 /prefetch:1
  2⤵
  PID:1812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:404

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
86KB

MD5
7382594577e09f23a3fc432ba734a7ca

SHA1
82c010787734b0b2e43b072da527adcedf16cd6e

SHA256
0801fd0a52431e6d32215c19667b18d6629b0f806acf86084863081affb61e98

SHA512
13abb104476ad6e922ad36db06636e5954d717db9dc8ee4d432ce316fea4bb169f8d4f7b340ef985c0a0c5a782c9c7ab509869509a78ee7bb7d32190990a0ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
0ba972e3efd257dfb38d92777ac0b2ad

SHA1
cbfef93f7880a73fd90a6c86007b32947baad265

SHA256
959c0c64a30e00dfd28fcc87b250ed1e01812f27a294a8eb35a8a8d1bba4549d

SHA512
ee903dfb3e0090a164cd954688e41d3b43f008fc33b5542c9652115f5dd291cef8e52a4b2f20522ef743d19a324bed5dcaf15aee6083d8a1a69bc24dbeeb353b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9e11cf760995a80b7a486cb7b26a1207

SHA1
34b84da744f8c2313a45d9f4870359665f9c76cd

SHA256
4538a32da64fb0daef72be2124de09f07b85f51ac529f8a7b2bd2cca6e5efea2

SHA512
e0e140b9ced411328257fbd9e8f50b03291a58243a7764de349aa325aeebf2b13afc067d09cd8e3da39cf1fe4487d0f9517395bfd3d61e72432e207e1778314e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2400b402b2d8b2ab1be4c13d5daa1eba

SHA1
3017f3f189b7841a8a3cd0ec76e284aec45ed18d

SHA256
930f8fec30f2ff0e499741979f359ec51a0025bc8393be66d99db0a5728a0995

SHA512
74dcfc8f35162ac6b244d8ab912c3478cca9227f8f4c02aff19c5adef9e66e827ca783a79b9fa9e721d624e29aa2283615609ba6ca55c36003b5610eeee760e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
de6ce2f3438c95f85a41e2ed94e2414b

SHA1
28544eb2c54a77b0f48ee675454a78f4f4e3b8ec

SHA256
be1628e8c3996a161eaa76c15e2545b58545154d0e52dbb81c4ae746f2afa363

SHA512
cd6d900bcf9fe8a52aefdf2830a1e3ee7f7c0b94c0f0b5696aad6e9afc389434bd0c90f49ae7dec435acc39e8e7038e5a1852688b0eac2cd5e0aa455db60a6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a84e0043a7ac255424c546c795fe66e

SHA1
7decf270cab0e7aef8358203d35e566ea1ee4d26

SHA256
9ce0ce3dc1781057454a87a4fbfb00dd58342b47e022671ed6743fdae18a4c23

SHA512
07fa925fad5a5a3549f0579294fba7a1151100e888b784ad2b18b0286dfe92f77097556d7b262940cac143ed3495ed3df45d96f050b6ce6c14863c4d38f536c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2d907f64e252d1166926e7dc63bf9717

SHA1
0716c5a828d4b00d713d5430279dedf39449ef7d

SHA256
273766ec89b1847fb95a9afb1e9e08627957981bd457eac09c3cfbd709b4f47f

SHA512
edcfb822d9aa53a357e580f155fb6c51b76d1113418a5d310b141be54264e99c6348279cb741898b3ccc1153e8448318a3963b89e0f39f32ff36f7b0fce43d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
128e851d933820cc4772cfc887e55755

SHA1
eda7ce5d7544cffdc84a40a2c822b907a794b42c

SHA256
ca61617e65c66c2cfce885813f2dda3c1fb166f1d68b27d8953a49087598cac7

SHA512
860c868723c3c1aebc75bc8388b118668fe14904c8ee680501e782702353c4087185aff19eda4ec16a85b0576a80547fc2ca4ab5d4f090205783ba9782dbc9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
edf33e0b1a551b78eb7f18c6eac5cf0d

SHA1
b84b5de4e88019fd99c4fd2bf45ebc61dcd4051e

SHA256
61c0325208ca3fdfbe370a2b149cb219c7e0ce96bd40966b011e386b3537e5ec

SHA512
e6007fda6718e9299f9cddf0a0aeb6f3f36ff2215fe990188224f2d97ecdd8b1474ec7d790b350f3112c58b2e19f7292d9ccb4edd7a3d2d812541bf10bb37cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ec43467fc0a9f0713852f36f071302aa

SHA1
4a6d3d1d5fc133a458f38f3b6c0d967640d6d11e

SHA256
c32b1827e4830eee381f622c0fd9d7b4b6ec73b7c8386e5f9b841815d2c26467

SHA512
38f53494ee01f1f68e1467a5c7be7c9ae6387c4965a4943e78c5e6f6777b4773d8dc27d28b8ceec9a5cb39719ea7e279086ad85faf4049c70826b9c8d42f8052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2996e03c17cf206c08b8ef6bee8c5561

SHA1
0f459de7aaaee23c60d933787190d7c5d37ebd80

SHA256
50976fd3194b4b242b40b4498d905411b7263cf34f02ab5ab2d9aa314834cec8

SHA512
e29be94d3964ec7f10eae9c0f77ed4ed58f16624aef04c64731d96f5ad3353f485470d243e477674ef35a141d8e834e28d8523a66e872bfedfe0852f78b202f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
e5c3a25e5dd4668d58bf99f956eb5bce

SHA1
6181445af841784af8705846463ed7d0bf795304

SHA256
103a9efb5eb3008d01329b9eac0cd22b5a0ff6c7c08f62518adecef1d70a92e0

SHA512
59461d2004898783d473bf9ff28d83beb77670e99bb66496250d43a05d97359c30622a950898d7ee5c28e88647d1d0cfd1a6685a451e10c676719123f3022488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580be2.TMP

Filesize
48B

MD5
a54c4fb231ca7e57b99a6fb9695c0bf8

SHA1
55f828f2f3acf308f68c15955eb78508bbb05280

SHA256
b353a640b74944d8a7de499968f5ec7e6306b593054d7d5589bf29df158ab695

SHA512
d4966dbbbf5f1cb6570be536f08b5670a19b17c709c5f3bc786b3b7d74920635dcea931ca3d049c89f4d2559e0f43ad2023db6df0fe3232be3f0d5034d4c5cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
952145be5370ebb7932faa546769f423

SHA1
203d394f95328ca85c3a5cd5d48b42f449d8d08e

SHA256
ad0e74d96695a4cdc9ac38fe0e683aa28c0a3e8d992716bae963c7206aa9afca

SHA512
8b56feba41c07a482b7775522adcdd62c810140a91615766d1d65550e5ab2bcbf2367657bf601c27ce4fdb25d851f342f29d75961f31bb104a317701b2832025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
c595819c5dce967655a0269cf9a87f29

SHA1
2da6b5e3f4ad6752ed41a7a0d587f0185ec7680a

SHA256
e8d16b4293a62edb46d0e980b3693cb5adddf59aa97f0623a988fefd73369406

SHA512
857fa8f86943a13ce4e47ca0646cc398c637024d823049f78a6ea9c6b6d9c8d7dc0d039ed013c087dfbefd6482b0dd10926feea1ba3b0033332fade954b81dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
71a17123b07b2b3ea58723b14b226763

SHA1
27e9b07abe8ec5b3e39313f11d4101995ba38abf

SHA256
a9581f45864ecf25476ac58a9e9dcb7bfd433ea05bdd98df6acb5eee4e6f4c24

SHA512
94f745aa7726382d028ccec3fbeca276053777f7215f3be8e5de7f558a822c17e73826e68bff7e0b49a704cc965ea0e9480fd05da55afeb0f76eb3f0c21d136c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
1ac96b11cd4a08713baff7f89a58d09c

SHA1
e59ab3c5bc3f7db65e0b9146a79d5252aa4a92f4

SHA256
2d918d2a786b026a014f037bb29d4beeefa99891c967f62974aeb5e303b63394

SHA512
e26410917716f898705f5e41a9dcdb282ea9563ee13858fb48137060f6c7074cc4acafb05cbbd9116c64996c7eff73b6e6ef2f2c857b9f2e2f30f9b3a8ff33aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594ee1.TMP

Filesize
101KB

MD5
1a097685302f63d7aa0180fd7f7b9354

SHA1
6dafcc9c8d187ff741d36c3ad3036cb0af8658f9

SHA256
3eee8c2d2dee029abe959b5e772317021e8b1be310cce035e8675ebebac9f0bd

SHA512
af88223264d5b9d04eedadfe53738ae6cd455966f4a49c7899354c3889a72058459a1e5b0c39e2354dba935940dfc2221db811433bf8aee7191f61353fbd5436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit