hxxp://click[.]newsletter[.]conservativeintel[.]com/?qs=5d83b8f7ade5ac1db558a95834b18e629a66c9bfaeab5dde7b4ca025e65a1d928e1ae6151c9a18b4a89e5bf4afadb16be7ab72a4b467a2fcfdca575d2e64b96e

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://click.newsletter.conservativeintel.com/?qs=5d83b8f7ade5ac1db558a95834b18e629a66c9bfaeab5dde7b4ca025e65a1d928e1ae6151c9a18b4a89e5bf4afadb16be7ab72a4b467a2fcfdca575d2e64b96e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133431752647363773"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2231940048-779848787-2990559741-1000\{8BB56FC1-1C8D-4C8A-945E-9C8D93AD4E39}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 4132	928	chrome.exe	70
PID 928 wrote to memory of 4132	928	chrome.exe	70
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 1284	928	chrome.exe	85
PID 928 wrote to memory of 2960	928	chrome.exe	86
PID 928 wrote to memory of 2960	928	chrome.exe	86
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87
PID 928 wrote to memory of 3092	928	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://click.newsletter.conservativeintel.com/?qs=5d83b8f7ade5ac1db558a95834b18e629a66c9bfaeab5dde7b4ca025e65a1d928e1ae6151c9a18b4a89e5bf4afadb16be7ab72a4b467a2fcfdca575d2e64b96e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae919758,0x7fffae919768,0x7fffae919778
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3804 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3912 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5440 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5396 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5796 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6504 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1616 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7136 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1972 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7128 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5016 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2500 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3572 --field-trial-handle=1880,i,18174031105450623447,7841988920664489273,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x444 0x518
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4955c6c634f4f2f75bdb3ce43e89f5d8

SHA1
5d0a5820aafe61ae8f35086e03a8f644c0038d21

SHA256
a1aae95546292995c8460a0cb0417aec207de47883149bbc64730fb9265143be

SHA512
3b350123f84074c252b2f32328e37922c0b871ad500e40dc8c260067bc0a031abce060e5c8211e66d866faa205d9ac87717e4e37bfb69fe5f55ade23f5dcb8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
315b651855ffbe9ffae6e99fb98ef1f1

SHA1
d5b9ac306e36f7b25dacf311de2141b82060640e

SHA256
6348f35a73bf079518471f3ed4d9a565a5e3a5ad4a3565aad94d090267c34ad2

SHA512
d2968291f4a80df06843ae403f7079fdc1eb0fc45a0742f5c7092a1768a6e0ea5d0c465dcc36a43a22b0607f0029877731bf4611f5ad149363e1b8cab6c274ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5afa879e19511347ef83caf6ec7f1603

SHA1
74092b0266649718813f547b4f0e0bcb2879ee15

SHA256
36f370cc95f2b608b46009ce39d8f1ee3c43a8f674f0c39568dba0dcefe7fe0f

SHA512
914ce8806b6902733a26d7e87682ca79b6e1d7fecf4c65111fda31087c546f2fcd4f094d17de273da85a586e37277cbd8ec8ddbebcaafbf64ed58077c22bcfad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
71311dcaab1f9249fdc59bf8d7aa6543

SHA1
c25e2380dfb142b9f013f0a435c46d068f20daa4

SHA256
0cab05184c9bf2e86b180ef9f7b0d08e7d1f2385a7bdbe0143ecd73bb1596e45

SHA512
60da7a38e224c36de6dcfed2101ff93fe52a208ebb50d99f1f1f4f032b96c3a3f324a522cd59080403ad80bce39e14d9489ba92b46ff35b72f6fed1126d8a2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
186d332916604d9e3b27137c41b5fe82

SHA1
186ae61bb96ee2e1c27c803a04cc0143217cafac

SHA256
d8dce6c45b353333a06989db7adc8693e0f4b5027f392b5782f8eb64090fa4c4

SHA512
4fb0279b93cd08fe3250298d4e2482db72604100ae30e6b77b1f3cee9f192a81261b2bc46365e775131b25df94b861dec016705aee90111efdecaad9f310f543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
99454ba9a23d1e2bb2fdbef85049247f

SHA1
e3f1bac7fc829535e74e8a7544c6ebec0e5b8b70

SHA256
d478c724778eedcc8b2aeb4a7ed98194b8aefcd43716583be0a9438569699f65

SHA512
e2177f4fece5eb287d0ca5cc9b1afa5c1a6a80af511820f22a0ac4b0a56e66910381ad5465ffedca45171fcbfc066f014166362ab44a8094bce1eb3f3cafb0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
758e38e48a0493776788c0d2b8224cdc

SHA1
97eacae08710e9596f284fa3750b93fee332089c

SHA256
3d4433c8660422214c909c14ae3dc3474ec611edbccbaddf0d9acd6525764216

SHA512
b4a92e38c0ad7a191fadc8697c9984805cc99bbf64e1046aaafece49961b214033bbdde0cda77cdd412dd3c5c15dff0cb4bf1b79ba155635b6491a23c8991823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b7f8f3a3f8fc436862dbc7bc09c23567

SHA1
93651d6f98b46baf4c505c9b70ee9fb2eeed666f

SHA256
cd7878d31c980bbfbfe852a8e54ae045b453908e14feb2f10b4e0ad96ed5f5f2

SHA512
4791f1bdf8ac44f9f40d0034e8a549a0aeeff615fa261550d58172a2ce7b6b73c8d04de364728b23582eb457b8761d70271e1b2063dac0e3ff4a38ad0621df9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ff1834ca3428f7754d2ec08540e6f0d0

SHA1
b53d1f3b2530e702265aafd3abe654c384d35c09

SHA256
b04fbb0c3eb16bc743f899681fbf756c86181bd78b210b777dffda36b5d53291

SHA512
9866635972cd06bd67dc0a30d23b2be8d23b331c758785ebc9d8e4f1a6f1ed8e7a60ec6a33b7930f510a78bf5b40ea7530f757e0757fb3c687bb9eafa596b4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
790356f874865b839d9a5177d51e05d8

SHA1
e4a7aad344dc6bae6d25be87e192996f2bd1635c

SHA256
b693f4c384a75ddbd86f54f7631bdc2eb1c86f98a07fac020b366e4ac064e838

SHA512
787fbd86a9867bbe87dc8c0e9ec12a431f1b4f0e2c80b959ac80fe3c3d704e9baf03c452968723d26724358148c7861d03c24d638ac6e14afddafaf915f74a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eb4696a73d43eebbfd29ba54c01af38e

SHA1
160fe70129464a42d5dbe0bb321603a6de4c278e

SHA256
e8fea47577f67d3eb73352217e5d3cfcd740c85f6a296b5307d81483103b9d10

SHA512
644dd4365705a84a18693883c903e28d9a0c110c084954543925a2caf3f6fd6f7b3566e31dc64dcbf9b160469c040635e24c47d9f1dd9847aa34f73eb86878e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b9718b6803b58ae5c57ba462737b221

SHA1
622f62df9b62a0ce4b0f720eb54d9a00570bcb96

SHA256
2c5d02a0aea34b878c321fe5a51a7891d615412de151eb7961d2d56e1ef79f4f

SHA512
47775c7435ab341be8bb4ed6b2896771313419473e960c6c80d60977bf6c2439eafb564835b31b769e2d3da4b81030ace25700f1579e580ce9f5e00d23ebc007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a61546cf617c0825a2c82c96dc016c95

SHA1
0495ae04e182c65a077e02733b1499dad15da74b

SHA256
669c21abc5ee0d4b2fdc5a74d7ad6f4643923ce9ebe11bca0c416941958cf02d

SHA512
833cfde330b1bb9c7beaab5e15274a10fa0641dce828b60c57e8bf3b0467ac58a93228a4c75cb799e08b1d0786804349112b1296ffe59fa958deaf82eb27d763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586cee.TMP

Filesize
120B

MD5
6c05dfb306cb83d4b6c0cd8815da7821

SHA1
f6644744a06c82cf2bd8b63da9d41e95e3a3f57e

SHA256
a3e448870e9ba07f7d3fbd684c8f781c25e613b284ee5be09b3adbb7110c01b8

SHA512
89b7020c48a51acc69d6e052f72448186801a78761f88ef08894d3efc123593646af2256ed349283db6ebe8b6e01ec57d8609a40a0b6d5a842ba394ce0121a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
0b7849012d2e843e5eee6b77d381c848

SHA1
62a88404018dcbf3bc66cca07a79265b7af0cece

SHA256
fee169cbfe58f7fa8b7c34fcedfb7dd31966a026c55093fd73cb54c3a06e5316

SHA512
50dd19b27b8be6dc94bda4eafc303601bec797748346b515fd6ce030384107938c5310924bc0c3e02e87923fcfd9c7ba6eff6da9f5b2d47084eb38e16d906da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit