8dbe95021e8e3fec2696c2ba3f9b323c1b4035775150d3828b0bbd835b49143c

Analysis

max time kernel
299s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2023 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1146106239529525449.html
Size

9KB
MD5

df14b0b05ef44c2a978d787c9ca4ab86
SHA1

2281e1d467274228dcb54c3654cffdd59eeadcfa
SHA256

8dbe95021e8e3fec2696c2ba3f9b323c1b4035775150d3828b0bbd835b49143c
SHA512

1408ce030d2f275de161bc027462f63365ef4bde77fffc858e090251cc655378e957f31eea403693feb6e282ceaff7d46b89666be3502e6f6d3b30a8e0e20fad
SSDEEP

96:nSTQBu8ufRrkzrRe5oacbryPd64pza1NzND03ApWAeRko6eMeq9yTMQrSSCw:SMBuBRrkceyIlNzR0OWA+MeWyThrSSCw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a2e44decddd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1294014928"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31055340"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000776f9e01abbbd44483f1dd33e709243e0000000002000000000010660000000100002000000084cfc4c837f01f98e71db20994b5bc39d38a45329acbf2754611c59b9e151450000000000e8000000002000020000000aba2c6b0926b9de6d3e45316e51e4d4d190307a1bf56cb545a919bd3cafee7992000000096954968b7d2968edd61d88cddd4741fcf50abd34e653e0825231820c353dcb7400000006c9d9e59bfb68b8a0cef4f8ac94050b9176f7a80a1e7e92e6a29dd61343ccc378a544046762230597c61390f28999789a67cd16d1cad5d9052fa2e3faf229752	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7797AFF0-49DF-11EE-A3D1-4E8EE27A950C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1294014928"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000776f9e01abbbd44483f1dd33e709243e0000000002000000000010660000000100002000000060a3d2c615b46afb8e8985017cb93acc9cb647f41bfaeaa63836699395d69592000000000e800000000200002000000090f51f827f51d299ff3adc934e20bf8cfa8b2957a28be24061658569aaf2ab3820000000bfe0c9197efd37687f639ee514b118379c4971db8efcdb3eb727f80195eada4c40000000b67b03593c31ef9e94d279ef5f909b64a579e2e7ab9d2b83083e83310c451bf84bfe2f92294a958ce7166921e1e48ea257127e2a858871fb4abe6a062408f96e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08df74decddd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31055340"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133381670772308432"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3160	chrome.exe
3160	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe
Token: SeShutdownPrivilege	3160	chrome.exe
Token: SeCreatePagefilePrivilege	3160	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
888	iexplore.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
888	iexplore.exe
888	iexplore.exe
4464	IEXPLORE.EXE
4464	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 4464	888	iexplore.exe	85
PID 888 wrote to memory of 4464	888	iexplore.exe	85
PID 888 wrote to memory of 4464	888	iexplore.exe	85
PID 3160 wrote to memory of 2612	3160	chrome.exe	89
PID 3160 wrote to memory of 2612	3160	chrome.exe	89
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 2556	3160	chrome.exe	91
PID 3160 wrote to memory of 4444	3160	chrome.exe	92
PID 3160 wrote to memory of 4444	3160	chrome.exe	92
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95
PID 3160 wrote to memory of 3816	3160	chrome.exe	95

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1146106239529525449.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:888 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e5fb9758,0x7ff8e5fb9768,0x7ff8e5fb9778
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 --field-trial-handle=1896,i,6851277665202955570,17491372281327105546,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8dc9f706241f28dfbd4c30d43151f29f

SHA1
2b5519d4e98d01305817c64b9d26ddeb9b722871

SHA256
f575d2aa384ac7082534b80c57a209b11c781331f7fa80c993a0778b1116d9cd

SHA512
9ed1d002dfffa067ab26029488124fb104892da919c7e8db9994749d5afdcf79a8d5928789add6fdb7bb22f19e4682dce72806869418393c8b28808943677c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5fd7279e86b518cb0499e85eaa557fab

SHA1
c6ecacf6d0bdc647fd8584a326dcd5295a167383

SHA256
cb7f5a6f1d588edc260be28d9f4ce0de4e0fab4d86f244b0cc98397f00aa7385

SHA512
ab640236a966dae3919992e7110ff8160aaaf182389ef401e9fe1375f828fad0dd85b4440f3fb831eadc4f1dac2f7c34e354b314e85435f8143de290ad5c06fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c3d1406d364fb69c7a34e2acd72c830b

SHA1
93e227f9f4826247dedc164f25f634e51d748baa

SHA256
0b1b3eb41819a3150571339d32897a37935058d68f1ede74a66acd4799629f22

SHA512
b6805d078dba1428ecc8434074a6557dfa78e22e73f34bb2bb96b53e14b0fb531c0d6932392743fedf2a7dc30c8514b3748a7726196a740c46cf90da51c42bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9375b4599513075686fa5bb90420a19

SHA1
3584391288780a4a9b6d8fb6a0b342fc3778e289

SHA256
b000f6575c3d75e0586982d21250521a8a01efcaed64a4f1a361afc5169f1bd5

SHA512
2857b1bda515b4bc3a99309ce2eaaf926bedcad6e9f555d1cae35efafadbdbc4731e84c62b2d105e802a8bb5b78fe1898e643e034af44fcb22e3c5cc86b978c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1190001f29a2d5ae75ea40267d07ec6b

SHA1
d980240a146d6473d0032b0e3258bd5fb449fed8

SHA256
81807646b02585cd7f6db981b07661d46f5f5525d883531d5decace8e9ab948b

SHA512
c12e61b435911878aa9085ebd957e64828a3f34f200724050311f69c9311f00b5a4a188e2ffff170c469a75da682960b3664b27f0ab169af23fadcb08cdbb3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9367f8313fce9d56bf813cfbf2d7047a

SHA1
bea605a1621f0159e9d0c1d1e0e8ad82974b2d6d

SHA256
09c331077a6ca18b14ca1311f98df2d48b5f3782481dd8c5066555fcfe9d84f4

SHA512
10e7325577ef9213816351b4cc898bb9ab66bcabd16008c50fc24df519918f5cc7fcffc26a2b89045cd5a575176e443a57fef39fe163c79d0c896d16e8825c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a9308189f3aac5a0761142e3b108b9b5

SHA1
9847d4a29c5a082e890e8e1a9e234a2d6da98eed

SHA256
7c795000d9784047d0a26d3ea2ea5134f7b085c7fde887fa83c71c781bc0e820

SHA512
6f0e6902a3e7622e3cd5b4f8c740b189b224bedab49cef5f816166dce9c1c368736b2d770f15f248e4eed78b814073f567f0e960dfc0d1e20c3890ad3d92e152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
48a03de81ae1cfdb728a37d775bbdaad

SHA1
95619c609a47e403247efb64422524b470ffb866

SHA256
073e1d8e42b90b29555daf8170edac6b6c305bcb581141f0e002d2921b56f1c6

SHA512
86f3ebedba06f0552566c83810d41dd97362d6337e488665e08136b239e9ec8fa407cc797214b4f1d9338768b824c072987d40e5dced2593ba6efd842c03b512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
190KB

MD5
8cf185b44152f9e84e0a991da8833a57

SHA1
2129aae944540629011c9518ea2c0066ebea0374

SHA256
5f621ec3b18ebee2ec4ae56df0178cf33be0bbdd674e33cbb3e033bc73c87d21

SHA512
697a951fa197010f91a482a4999a9b4cc8a4feb744fb058cb0338b5d7dbebe856c1d75f0fd4b115a0eb0a958b249ffdd14d03f6f6e86cef0ca7f052ce5a600e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit