hxxps://id[.]atlassian[.]com/signup/invite?signature=eyJraWQiOiJtaWNyb3NcL2FpZC1hY2NvdW50XC9ibmRqMmpvNGVwbGx2Z29vIiwiYWxnIjoiUlMyNTYifQ[.]eyJhdWQiOiJsaW5rLXNpZ25hdHVyZS12YWxpZGF0b3IiLCJzdWIiOiJhdWRlLnZlcmxleXNlbkBzb2RleG8uY29tIiwibmJmIjoxNjg5Nzc4OTcwLCJzY29wZSI6Imludml0ZSIsImluZm9Db2RlIjoiaW52aXRlZFVzZXIiLCJpc3MiOiJtaWNyb3NcL2FpZC1hY2NvdW50IiwiZXhwIjoxNjkwMzgzNzcwLCJpYXQiOjE2ODk3Nzg5NzAsImp0aSI6Ijg5M2Q3ZjFjLTg3NjUtNDYxZS05YzFiLTk0ZWIzZmFhYTA1NCJ9[.]jPe11FXKVL4TnKhn4GLxeODS8eqGYuKPwtQCQeUblfHcDBB0aLeRtaHVHa5Hen8gCG2mezzBp9DrPNPK9Hbd3MmlNOecUY4A8nCZ0PpmQYDXytzDQF6Im8-tSPXZivPz8WdF1dX39G1qUe67FOLvnZ8lF_vsYjyE3uvSEbYJvYWyTWML-iYloCmDYopbRGBQXT96hG8TEDQ63uLIDIVFs6mtqO9_sW4-XLA94Pn_TyMkCUHBLEJKJZYam0GgpzndpMaHFTiVajeG7O-p30GiVhfnOZto1CstyTQuACU5XUNmi13AQ7ev_vNh6pfHWhbq8KBGKblMPediMDb0z1pTIg&infoCode=invitedUser&atlOrigin=eyJpIjoiM2YwM2M1Njg4NTI1NDdlYjljNTBlY2NiZGQ1YzRiNjIiLCJwIjoiYWRtaW4ifQ&continue=https*3A*2F*2Fsodexo-brs[.]atlassian[.]net

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2023 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://id.atlassian.com/signup/invite?signature=eyJraWQiOiJtaWNyb3NcL2FpZC1hY2NvdW50XC9ibmRqMmpvNGVwbGx2Z29vIiwiYWxnIjoiUlMyNTYifQ.eyJhdWQiOiJsaW5rLXNpZ25hdHVyZS12YWxpZGF0b3IiLCJzdWIiOiJhdWRlLnZlcmxleXNlbkBzb2RleG8uY29tIiwibmJmIjoxNjg5Nzc4OTcwLCJzY29wZSI6Imludml0ZSIsImluZm9Db2RlIjoiaW52aXRlZFVzZXIiLCJpc3MiOiJtaWNyb3NcL2FpZC1hY2NvdW50IiwiZXhwIjoxNjkwMzgzNzcwLCJpYXQiOjE2ODk3Nzg5NzAsImp0aSI6Ijg5M2Q3ZjFjLTg3NjUtNDYxZS05YzFiLTk0ZWIzZmFhYTA1NCJ9.jPe11FXKVL4TnKhn4GLxeODS8eqGYuKPwtQCQeUblfHcDBB0aLeRtaHVHa5Hen8gCG2mezzBp9DrPNPK9Hbd3MmlNOecUY4A8nCZ0PpmQYDXytzDQF6Im8-tSPXZivPz8WdF1dX39G1qUe67FOLvnZ8lF_vsYjyE3uvSEbYJvYWyTWML-iYloCmDYopbRGBQXT96hG8TEDQ63uLIDIVFs6mtqO9_sW4-XLA94Pn_TyMkCUHBLEJKJZYam0GgpzndpMaHFTiVajeG7O-p30GiVhfnOZto1CstyTQuACU5XUNmi13AQ7ev_vNh6pfHWhbq8KBGKblMPediMDb0z1pTIg&infoCode=invitedUser&atlOrigin=eyJpIjoiM2YwM2M1Njg4NTI1NDdlYjljNTBlY2NiZGQ1YzRiNjIiLCJwIjoiYWRtaW4ifQ&continue=https*3A*2F*2Fsodexo-brs.atlassian.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343260136698252"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{236FE2DE-255C-44FC-A431-8CAD2545ACDA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 3640	4988	chrome.exe	34
PID 4988 wrote to memory of 3640	4988	chrome.exe	34
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 3676	4988	chrome.exe	88
PID 4988 wrote to memory of 2228	4988	chrome.exe	89
PID 4988 wrote to memory of 2228	4988	chrome.exe	89
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90
PID 4988 wrote to memory of 1708	4988	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://id.atlassian.com/signup/invite?signature=eyJraWQiOiJtaWNyb3NcL2FpZC1hY2NvdW50XC9ibmRqMmpvNGVwbGx2Z29vIiwiYWxnIjoiUlMyNTYifQ.eyJhdWQiOiJsaW5rLXNpZ25hdHVyZS12YWxpZGF0b3IiLCJzdWIiOiJhdWRlLnZlcmxleXNlbkBzb2RleG8uY29tIiwibmJmIjoxNjg5Nzc4OTcwLCJzY29wZSI6Imludml0ZSIsImluZm9Db2RlIjoiaW52aXRlZFVzZXIiLCJpc3MiOiJtaWNyb3NcL2FpZC1hY2NvdW50IiwiZXhwIjoxNjkwMzgzNzcwLCJpYXQiOjE2ODk3Nzg5NzAsImp0aSI6Ijg5M2Q3ZjFjLTg3NjUtNDYxZS05YzFiLTk0ZWIzZmFhYTA1NCJ9.jPe11FXKVL4TnKhn4GLxeODS8eqGYuKPwtQCQeUblfHcDBB0aLeRtaHVHa5Hen8gCG2mezzBp9DrPNPK9Hbd3MmlNOecUY4A8nCZ0PpmQYDXytzDQF6Im8-tSPXZivPz8WdF1dX39G1qUe67FOLvnZ8lF_vsYjyE3uvSEbYJvYWyTWML-iYloCmDYopbRGBQXT96hG8TEDQ63uLIDIVFs6mtqO9_sW4-XLA94Pn_TyMkCUHBLEJKJZYam0GgpzndpMaHFTiVajeG7O-p30GiVhfnOZto1CstyTQuACU5XUNmi13AQ7ev_vNh6pfHWhbq8KBGKblMPediMDb0z1pTIg&infoCode=invitedUser&atlOrigin=eyJpIjoiM2YwM2M1Njg4NTI1NDdlYjljNTBlY2NiZGQ1YzRiNjIiLCJwIjoiYWRtaW4ifQ&continue=https*3A*2F*2Fsodexo-brs.atlassian.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff936949758,0x7ff936949768,0x7ff936949778
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4956 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2444 --field-trial-handle=2000,i,12048359846815956293,1275562442117978539,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d9ab40e8f3d6af7403e8405861d0c3f8

SHA1
12295a758f28a5a826ecc05324c8347212959325

SHA256
4fb2068df7da36abfda5f02519d734615ee7c715e416eaa6f71e4afc0651f04c

SHA512
958d758f8d536b6b983a0d6c41004e79cc03694099105842ab2980b30327ba58a2981d823ea210e96b88642c5c25a7a3c86f6f02f47ae9b95a121813bb183697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
001156fa75d003cd196fdb7cf9f5eb3d

SHA1
d28c2bb9a225aa48c20133ec1a9e673bfbd68d50

SHA256
7df61156f31418a817b40de8a51ef0bc73f612bbbac69b38f794806b33d7dbfd

SHA512
d81d65d6ade06f592544550d45ec4ce7a98c8b93c97a0c20b925582a3162df5cb63cea9da7305885495d075e8c8795c17ede22a8d7968cbfef5cd54017f067e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
d13c7c78e8b347f61be615a915c8b618

SHA1
773131e6f816e0c1f29b5847afe333b28368cdb8

SHA256
833c7ac9bef8121735e9cf7af0f0b9503b84e656e8d3baacd6aa2919af682d51

SHA512
59f334ac6bee9bd5f453c6d3ea25a4efab90df82281441a343d5180c1023d308920af70c213a71ec4db33d2551aa398e4a51899420a6aaeee9a78b4a8cfdc834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8becf946d096c1f1bc664a6212d32692

SHA1
950b0af314cca2145d6643e85cb3c3922142ee5e

SHA256
ceaeb4fdf7f08cd408d487418df4a289168de9a01808c3ac551103dd97c49790

SHA512
82856cbeb6a9264a93db33490030a4259f73e07caa85938eaf52ce74d54b01a2b5977c30d4b8117b137e323cdd7040008ca7176b1c60b9ffbef98b2624db41db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74a04ee25b58cfdedb7188772c246704

SHA1
b068d105cd846206d7434b304b5653818e252fe1

SHA256
545f42c2040bd862eea12eff10fa98581bd5a621de2acbc5d2ea0fe73a3ed01b

SHA512
ff3c7aa3b435438e702371e36cb37ac07e1246f49c8638acb134cdca6f82df832a6e83eee4e7a4b224d6816d4216360fb13a40715bffc0191586322e6993cd37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
423e8b9cee8778ddf5da57899c68467f

SHA1
969f6aba82dc927eff0eebcbf6aa8f7d59a9b58a

SHA256
2e3151f11f63dee35b2071b0eb6694fcffe7d91b1da34af761d08a62ef8b4804

SHA512
0ef66a85232ebaae3f4c54c0d880858bff194fee67b25bc9002d483dfa7c3496612e95ecc0e0f38724f1564ec48f966e81b3362820c9017ec3584d90effed917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f245048215ba7ed0cc35cb8b05dbf4bf

SHA1
b1678162a76011f24111d4c1ded2bbcfba36589f

SHA256
4ffc938c54a036532dbcbf27d97d69eedfdfe5107c997bc311b9c5c62c6bea9e

SHA512
2ff53b045040993cfe99a61d65ba7335dd22a1cd396b4a0897d34e8072ea1a0b91a085b7d40897a71e9b9cf49c7af5e0cdde422f518fb0947c3d773d523f53f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8c393d06bd363ec6588312304edbd60a

SHA1
894d5505764cbc3f6186c569395bedc4c602cad3

SHA256
faeea39f1d29af3c982a4d31c1b5b695a3092be1d9c4aa52a7a44d5229091dc5

SHA512
0918d73f60ac4aeebdc3bb3ada66b50b7604f63aa72902dd7b79471c779f02255fdc7bc987043bbcb090191634929ced776900fb50c951afb374811438911bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit