hxxps://personalflowoficial[.]info

Resubmissions

03/08/2023, 22:14

230803-15scfsgc92 1

03/08/2023, 22:03

230803-1ya5lahe4w 1

Analysis

max time kernel
601s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://personalflowoficial.info

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355737985775251"	chrome.exe

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a9a4f368a9add9016e081f1e9aafd90163bfb5dd56c6d90114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 4020	4524	chrome.exe	85
PID 4524 wrote to memory of 4020	4524	chrome.exe	85
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 712	4524	chrome.exe	88
PID 4524 wrote to memory of 2724	4524	chrome.exe	90
PID 4524 wrote to memory of 2724	4524	chrome.exe	90
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89
PID 4524 wrote to memory of 4472	4524	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://personalflowoficial.info
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb63a89758,0x7ffb63a89768,0x7ffb63a89778
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:2
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4956 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4740 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=828 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5368 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5692 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5916 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5752 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5956 --field-trial-handle=1892,i,7323807222360214350,9890998845985262362,131072 /prefetch:1
  2⤵
  PID:4320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3572

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x50c
1⤵
PID:4384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0da581c135528c0d2b38ebe8b653fb6b

SHA1
57a11a7407524f1afd31bf31a96c94c1247d4cc6

SHA256
7d5cdf655861c1f0ee3b387f59d12b02f6239a07db362959a7945d51f722bc62

SHA512
59f886ce75a320dfdcdf6e8348f912825627746d1bde9d1fc8e772fe8c6e23ea99680c6bb605ae5f905e1c28139edc53685e0cb516d5fbb7c8f502c790dff518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
679b297e2d134bd19bdb584562529158

SHA1
dd310f1516feefa832001aa30aa143ec7287c5a5

SHA256
81e5fbd84f1a43317c1985fdc6dba5d12faaa4380079fa56b50c459a83ed5d5b

SHA512
2fa8fc18807328bcd657b14adf92e0ea1487102e6b9ed6445376144f1a3d3af0bce2eb77b982d393031e4cefe42d5e1b46ed902be76350ab8395f684e8b0d82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6e59d95fb3b4b535ef40590a0006c76c

SHA1
79ef593ce7426d45a9c6678e3ef5f729b941ef79

SHA256
9b2c1527a91a5b70a6d220552bcdac7a8da0375dc43aea284aea2381bb066a60

SHA512
417e05ea3b87c5ea215f0f01c60a0a9289edd4450317079c7aac65cab7643c7339047785b7eb83119391ffac16f813ec3667b246b8a273228e43ca61c7743cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c690e5885545292657193a9be47d3fe

SHA1
66d3076563b2626558ef35b8d29221c1da0bb0eb

SHA256
08ebb70b06cf65455254affa37c6badc7b02abf32338ebbe59fecac68908db72

SHA512
2ebcb401d162e296b5b299bac67cf2c9a5891bf2f52e3cb99cb0bffe051d403f03d308035b571f5f89f1604c5c940d43147b7934e573ed8b7f9a6055fc752a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9cc0f1af-254b-4cc1-bd3e-561423f493db.tmp

Filesize
3KB

MD5
553ebd6d44240911295e540f993b7c49

SHA1
08165bbe67e048e1a1df8e2c44223b140f641ba7

SHA256
6e86f7bf224ff53effe75c68ac24910d149400c979e3785ace10f6b6dd3cbcab

SHA512
9ece2552b5a06a49f113a7eea94a14976480267cf9e01cede6bb6b41bac441acd24002091d885d870ddeadd61004aa49885f41c2185369f3d0a718fb4d7e6dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3f069d6f25206c15d94ba7a91a857b71

SHA1
c44a506e9b67fcb7a8cbc5e2e7d19500a283a5ca

SHA256
82c4040988eb9817e3c8ac75ee14483309b2d29e47af42596198247a29d854b1

SHA512
eaefcb97c2e044ab601a2553142162648ac26a3d1bfbf79d4813765704ee5052d557443ae3dbd0c3e577954e4a615268efa1c82362f895e8fc746b55994204b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bf2dc72d8023e81d05470f6f11c2ea20

SHA1
a31fcfe5caec375b0c75292cfd3aa592bad8d8b7

SHA256
350a868f7a0b6e73f5c61c2517f860a4c8c938ed8d3a15e0e8c7056c1b4c36e4

SHA512
72678e643eb51081ee350a697d461fa24d84cc8edbb64ea749a939f8af71f0d188d15ea7e4e826bf283df781e5afbc6754093646b97e2f83b1d4e8895f7ec752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6c3972981e770e6e04884efedc59be64

SHA1
79f9e6b6df528952acb6654f2fb3a4fdd791d00a

SHA256
41f48884a8b60b1a52ac8dc2bcffcd7bd4e953da95a15f150282bd67aec386bf

SHA512
49ee61dcd817b7546831ba41cbf25a587f1c7d3cb9ff39d50557189224963be5a2900fe778eb2e6a7ae9867409dadfad9bed8ef68e2cc9447648581e531e3246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
793cb357dfff8cd45bff4d81c22b44a6

SHA1
96b64e1d1c0dfd5d75dd1e0debc661f9edae744f

SHA256
9701f6762940ce2b2641b092960f93b245641d6ba664b51e99b081e7bba6c92a

SHA512
c8ff97407748d2945947f8b3f43ffcd132f720b99cd1e6a4b156bcdd049bd4d91ac40d8f656c05be8139e26eba47dc216670a047a35aa658162e50bde03e3ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70d2b8786ba0dcd5a659b6c2972405f6

SHA1
76e900a525c6330715c7687d4ffcbd228bcd25a3

SHA256
6c17aee131f1a8daf621f26fc18b96d25edbb4b0daa876c892ad545e84ed925a

SHA512
5dcdd5b93951aea21cafb0972994e09a966b841b8d91b1fc85cd1b462a45395163913c5931462425f45e002b29bba8a9935596e184c2e37ed5f0a540ea10f78f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfde454c30f32ff14b17891581ff245f

SHA1
54316ce0c3f92cd2ace76d213aa4cbf55ac5083f

SHA256
1e60a19d05a33248401754c073349165e0ad16ec85921d7ee7d9743c1e194f42

SHA512
5119ca1033b2efa3ce8d5b5986061e796967e2663a5039ba49bbb3bad34af99a44fef76a6325876127c7a401cc4f6192da8e99865449a2de65f554f895e2eb3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
699d24e7cb84b0fd8a6afef76adbc6fa

SHA1
b7e1833e9a2dbc3ac077382955d3827cc19c27c8

SHA256
980501998fa2855282a841f6f162c30b284148b47ddce532e509a13b25cc1b69

SHA512
b98f9474063ba1778f4d6005d6ee1a87fc2c36f9b13cf6cc8f2ced188b2ddcf0e84f94f8af69734b64dc45deb40d06b5ee7f560fe52f3d64bb397b2a7b0913ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
589ad980110b17189755322fedea2192

SHA1
86b5d098a800278888b70b2a8ef0715d4a8396f2

SHA256
15c9b60ed1a728d6fbb4ad153a0d11b6589ff1a2f8adf207e625b177c6004a76

SHA512
a221c4ae53cb586b731e4aa9821b9faf70fdc2b119e6c8f9bc2c8fb9ac271a540dfdd51ffe62d6ce829dc81742870a5b767e938887c40f0258fffc1a1a925f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dcabd52e8578e3670235c02e7e3bcbd9

SHA1
a737b01895bb151f046305eecf01e21ff5ffcbf2

SHA256
2927eae46973ef41b49bdcb38a4b2855ae0be70d286156a852f5e9b0632d3d9f

SHA512
d5dc371be042a0fd4026b48c0ad2c2938b3fd3c58746c7a0a7e3f9ebe4a8927d7204b29e2ff1553afbe70774152a5b0c5dedb2c44bbf7d423fa3785cb12c7bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
81351fd6201a16b814af079e6b9d7552

SHA1
8a4b883488c1b4f4a422b7cc1c15cc0334863d0e

SHA256
78b859ecd3012d4d04fef4cc46b4fb47f8a11b91d04b9045909109334712135f

SHA512
0daa9ae294da29d4dd74f5dd41f6e1fc069434b72a8b02765b9611c7f42323dfaa361039eb96f98bc0c2b87beeb16760878c2d844acb37c31ea4c97d0461515d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e75aabf03347a0261894b30cc31a3f86

SHA1
e5ae8fc1f4362c49bd8b4969b19389b72bf7dda0

SHA256
cb14ad75108d6797ce87c408c6da747488cbfdb66b41fae7545a15b1290879b6

SHA512
711d889f8c73a0cc6b220bee695d646ddca28781ceae3d13863631095ffd08b57ad4579316adb9e1f13d277b32177b14c8d88f3c38a41976a1836e82c8d0dfda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ecd04611e9dd60b0c9be12c041594d0f

SHA1
ac7f85f08aebd5b6a91a35b4756282e877f3c0d1

SHA256
6fcdddadca79074e5fc80e3173e8252c6865eb99e1824865603ea3e4a2d32007

SHA512
4e4cdc529fe2334dd1ea9da878a70a5bda45a32ec436c385a4d3ec5a7b0fd5c0585bf2d141240bfe4d1fc78852f09c8343989c854e180ddc5a468251b176482b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8d5adb21dcd48d16a1931c6fa1d3b426

SHA1
a6deaa3db0999e7dcfea400619cf21e268b68ff2

SHA256
4c883ef4187f0985fda9ed23de86e274598c454292d32e7e5f70f97db35f36dc

SHA512
90b1b9c18cb47fe7f91cf67b9fb1f7113ced3e4909328c37e862e817713a4d2ac7a60a5d784757d85da65a7cd875f5c49f04d18e6ca5acef78cef408b49f2ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4b4b83ba368e1102d967d5050709bc61

SHA1
04614366b7330ff77670242b7fd54cdf66ee90ff

SHA256
1679cb1864b8b34f7d0a37a3610f0f6ffb2dbe473885800e1856e8f56737b8ee

SHA512
30d89e641a2fa85009f6ce3d3370443201516fa6f5cc0c8a7de540cd46a650067e8fa0750797513c05f1780f58dc5544dc177fcd8311f2e7208021d5f67c8980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
657bbf7401005fef42b1c6d93ed1bfb8

SHA1
f2abfd12a0ee6e256ba7fb981f9e46bce2078899

SHA256
442255cb7ec5da806d27600ada1480681d389dbdfc61f8291f2a559c454c71c3

SHA512
b2e25e6cdec3235a33ef6c3b470afd5e697311e3ed4a78762ab4886762e19e1bbfd6094cf6562b323a5e3776e59a0c8841324700b80a2c13ae798f9868874341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5fd7fa.TMP

Filesize
101KB

MD5
867657d120e3a96b71b6ec230e0d7b27

SHA1
8b7234a4a7914576d18013bfd81b66631599c850

SHA256
207de3a5e6c127dcf8da38ad5b3095655a78cef1ccc839e914d91fe931c8e686

SHA512
8b83a0092e78324830a4b6eb393266e52a752c0d40a079c5e9e255a889980d9ea5a5dd11d4894fcc4ea30a145b2d93de94009763df9ccd6cdfa4823abf6290d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit