hxxp://file[://]/C[:]

Analysis

max time kernel
350s
max time network
355s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 13:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://file:///C:

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444429248114647"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "79"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
3300	chrome.exe
3300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4076	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 4460	2240	chrome.exe	31
PID 2240 wrote to memory of 4460	2240	chrome.exe	31
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1884	2240	chrome.exe	91
PID 2240 wrote to memory of 1848	2240	chrome.exe	92
PID 2240 wrote to memory of 1848	2240	chrome.exe	92
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93
PID 2240 wrote to memory of 4596	2240	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://file:///C:
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0479758,0x7ff9c0479768,0x7ff9c0479778
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3988 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3760 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3928 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2936 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3132 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5592 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5904 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 --field-trial-handle=1048,i,1008658564636020698,9884060693630158434,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1472

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3901055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
5905690d772c96e3d8ab56e44ab3b9c6

SHA1
2d7226907600e6c30d0601354ea11195ec66eca0

SHA256
0d5571deceed826d349d08a84dbfd55e0a41b8d63329ff8c6e06e4686ed57355

SHA512
3adda856e6d9a3e754950bbe058d25b89d37b29c3c0a5c59ddcf41ead2766fbfa6c29c9dc31dd68cf445a923ef02922d6270ce026659f1e052578e088d94c195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e4a612f81c094a1bf2bbc43892556716

SHA1
84b7c28f8a332a380573e3194f412e00ddb1b50f

SHA256
7dd97064e7b118ccfdf2e39c0bf161d37e0cf47f843ddb87b8be23d5285fb8c7

SHA512
d916be21e9f5aac64f8bab08668256f6440401509790c35e1d321c0fff87428a2848e7b553d432233349fbb9153480fa27211fcc727b2f8aeaf9aa411b22f736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cf4d83566ff78f5b41ca5e267fbd8e35

SHA1
be1f1770a984be4f5d14fb7f62d389382f46fd0f

SHA256
1bd3b4603d1d620a4882bac40c64cba4b727341145b93420e65a8dfa1096fe7d

SHA512
a2e2f026803e89aa7721d1c1926216c7adab4115f1fae23071f0afbb942ada826d06432de87007a694dd699ca0c73da49a90a7ee7af818f72003d5069bfdb1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b09cfdc259ad4fc9c207123e0bbf0e3c

SHA1
8e835d228498879eeb490af1d4edfca50c6bff3d

SHA256
7d72021be969941dacc8bb207e567c9835f798671b64dd8987a0d258c7309e84

SHA512
0d4cccf008f72fa7f6d5928bf09740aacdd4b5ba781fdfc4800c7c38ffde9fb8fd0a3f945d9e45a6a51c2bd7fcdd6a6f4055adf944150146ca0001bdff3428c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
41c4a439918695bd042add66bc97a707

SHA1
48278995ee7afa7a2f96824cd2035b2bb78c6fad

SHA256
a05fdd07f3a7b654ba713a209c003d31882cb48fe7dcf5a04b92820abee88efc

SHA512
d5d25fde3fdc4e75d1fa4b2183cbd2b8acd1041ac79af58c0683b7ca24e73b72635c031bfc59cd2f01574ad01750e9ff5bbd8f46fc963bc70acdacbbf9647ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db148302fb254f46e5d10373700eba27

SHA1
bb08cb4527d52a56cee593bf9292aa4b5f41591a

SHA256
b8ed4e42025d7cc1213905e61fa2048449ea99f4f55fe1f9e906c6890a780a3e

SHA512
0bdb1b2fc89da0daa01892ccc7d6b5779284b5939a54af7b01ffbe433d475537d35ad7e9f142cc832cf2a091ba818f985d1dddda819e448e9edb9d9d1cfa04ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2b6918a13d56995408c9c6b998f02b8

SHA1
4380151da4cf35a4834dff683af93d45b0b8ebb8

SHA256
c27f0863c7beabe90766e2d8c139edd5a27c8bd49c4bde76ea08f7e4845285c7

SHA512
2f6dc30808fcafd2fadd23e615a78b1a3333e94d655ade50250a270c4f71ed5e4fdcefca8475540421793bc1008a4499fe829201319b0f1c2ac37ae1dfbb6f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96e1bb2a5e51d62835bc3399aa17f01e

SHA1
7ab58c02440a859053af1e40255508ad90ae3177

SHA256
212bba8cd585a60b44d0b1dfdf43d6a8e0237b3e263904dac546436b98b69e7e

SHA512
4f7d6750660e414687be5c3944faa40f1a5aaacbe909760bddccb94109937717349a4f9fea383c3ea31a07d7f303785e66441675158538cd1284be7c79bedb40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ad7d472a16329189c9bf62ef7357728

SHA1
277f6667ecfa560a2d1aa9d30e20eae2c6ca116c

SHA256
a85cd02e4afa9d7ca13bd7f37f449091df3aa9e2c641c10f2c92d89307736649

SHA512
9088c3362d05c5ab58cf73cb513092068d71dcdff5dcb6f5ffad601f80c2de4396041bb691e1f910047a4002d06d60d33a0fc35c7f6a3911f2997ca0b9dad3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
f5eb58f5b825d20f47cdfaa0f8e660a3

SHA1
f8dc4a5f6070c389c184852effc70f0c19f473fe

SHA256
9407bb6e8fa6e924711a42e06a07b51e9d7a7c2a40c9875aadef81c82472cd2b

SHA512
4a0902715c3a50bc962f5d75859b25243afecb3f03092a6cd99269bf8486b02840d4a7bd0c6d6131f9e4903e8973d9cfbda692eb707bf18729d574004b944571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
6112528bea24759625fcf94881c65a26

SHA1
1bf8bc466e14ccb44f60ff6a775767e5f926346a

SHA256
fd09ba667d84bdbd022c636fbf620c86c22b2e93ad151ffd8f412e739b25c9e0

SHA512
4423fe2f0e3989a0a6c78d14075efd4969a61c9873b0b2bc9cb64b778ebc92b74acb599afed48e8e396034de84d4504f9006476843fbea0a4a2f4ea8f802246b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
b020498b4e9dddfdcddec1d9ec91c2a5

SHA1
b7fb686cb228568d09c12ed6fd4c2d58560ebe2a

SHA256
d1e3d1d23688cf9a61e98e85955acc241f4465a5a0b3297a57954b1f6b211fcf

SHA512
fa342a151f97d52164ddcb939f9029fa7da6706a25dabcbf58cf13254dcd3ea03ff1536286b930326f24f913fd75c2f96f80c5398fe67121ada8ac028a8b8687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
e2b484125c0832b294846254fbba00c8

SHA1
e6ac8d16d94c5245a98ecdceaeaa7aeb70ebde37

SHA256
ea2edb33c83692233b7f59aaf63bd68177f987a8625be65485518e93f374f161

SHA512
6644ed4783b67129b6acae6f8bbf892196d0ad399b0b5f35c81838e90ee8c0cd2684d75202fe9f3004ac6e97220b9880efb66f131c33848221ef248b36ad276d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ec92.TMP

Filesize
97KB

MD5
9c6ab6833edea30a055f511ed1a07dc7

SHA1
50518c38c7d4996e37ec6784806f0bdec7093cb7

SHA256
ac66bbb320d700b018c618f6ac872ff8359c6423eb21486b345d61340828f518

SHA512
4472fe51f3f6d4cc2274591dfb9b74c6deb267857c64052919fa73cd4d595d8d2f8565707ec4e2a50254a29eab137128dd19606d95d1e7adb1e42b8656443442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0efb787c1379a426fc52e622e7787782

SHA1
97eed2f7dfac1043508bb30937fe1cb5a316e771

SHA256
0a905588baa5448040bf0a4b75525899785d1d72a27553061d60a74feb0c7da2

SHA512
0bcf7760d61054bbd5d476e1fdb3e7cb6af2e3ee8d38cbbad02336ee16ca10daeb456486fc3497474975a7faf82d79ba5f11195039591cbb26e0cc2666ca115b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit