hxxps://publuu[.]com/flip-book/359793/824438

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://publuu.com/flip-book/359793/824438

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495084304353111"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
5244	chrome.exe
5244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: 33	2512	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2512	AUDIODG.EXE
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 4572	1252	chrome.exe	68
PID 1252 wrote to memory of 4572	1252	chrome.exe	68
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 904	1252	chrome.exe	91
PID 1252 wrote to memory of 4088	1252	chrome.exe	92
PID 1252 wrote to memory of 4088	1252	chrome.exe	92
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93
PID 1252 wrote to memory of 60	1252	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://publuu.com/flip-book/359793/824438
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe752a9758,0x7ffe752a9768,0x7ffe752a9778
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:2
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5092 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5024 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4540 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5696 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5016 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5512 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5608 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=932 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5776 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4988 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3976 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5060 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4876 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5712 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 --field-trial-handle=1956,i,17139674582002437223,18029245485970380313,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5244

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x244
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
432B

MD5
0a331191cb4c0752ea1e658316b95c22

SHA1
84d80f97235449ae39a36c659dc4e048067e4173

SHA256
7ea7f81126d3bb263321f32e4e4348006e21a44659c3aaf102eed8c7f49e25d3

SHA512
fcc192ae2fac430d9dd39e3e23c4c90097c857a07548487705e9d5edb14595253631c5c756a64cc3e66634135e609cddf9ceda9554be48f832296ddcae22d572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
9be6345250ce769fed7cbc646bc25062

SHA1
de13a97f1b0b5d3088e48ff86737ed7005eaa2e1

SHA256
faceb9939e6b7947c697b0dbf0eaad3d80c354c19a8859086702184450109f07

SHA512
ce247034bfda8d9355f6475234754b58175e4d0c5add7dd73735271c70b5aa5c49d2b9afbd682e28cb1d6b9b44ecfdb71c43da4446d061df906a29a133557168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3f8512c4410c167a82013aa27ed10f73

SHA1
0607be6f31f001957b7bbca396cc6e55ab169e55

SHA256
d87a1227f443a19843ef7c8edc126b166c393b0cb87cdf3ee73380d1b8408041

SHA512
5ea4806f801913df87d461d9a383bab68a6ee9dba250453853d560e8da7dbd112d76fb350341ef44d4d5df32cf42382c7a08cd9f510ef69344ee28b5e9587d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3aa18a5668c92289526c1b530ae9da3c

SHA1
797893efc91497d7f606cbd26271f10335ce8f96

SHA256
f130c9d00bbd4811fb2224ea8bc57b400a241fc8ace62fd4f55a15211a411103

SHA512
324ff48f83591c144b174bf5901c4e96afbc497e7d4b80cbebdda9fd7746c5bf8a6e3fb8841110638843ead85b92fd51b9f90c943babb64d7b444c9cabdfe2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
708cf615f607173709a4c8f21982ae7a

SHA1
122abd0bb6860e26d893826caf705d55fc0d3058

SHA256
5691da17fdeaccc165667ca1aac1c5404032a7954ddb242914c120cf83aff187

SHA512
8d4d3babf493dec71712512c54b3b4b6ca71072556770b930b9ec563c1740ef5b7a4d864ae0ddd89b3bb7c72fc7c16541eddc8e1abdd0231a67c2be0ff619568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3ec1894e09171398e40128e0414ab235

SHA1
d30d7f8a0ecad001ad7e45cf0c47b26c85495854

SHA256
9d6b2af4b07e5cf5eeb716030bc6fc2ba5fd4bc2678b5ec0ad377d7d8deb69ec

SHA512
0c27edd83e01feb994d12100990ec28378683d46f861990a48df5851b49409830c42d8dc7d165ce25177249c504e066a4886c12ccbd1ebabf5f71ff47bf941b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
89265dcaecdd2f675dd5ca5c9a37479e

SHA1
53155048563e6381614293ed47cf414db16b6cc3

SHA256
9c7783ae29896c9272a37825508291a3ad78133d31dc3e983d8eebcba51c712b

SHA512
04ac966287009b14005f59c7c9e09e469e4a2b3495339119ba3860b1d8650dcf244e3c0f340f5a973b9a941a3f916c0a1b200d211d936d7bbeb67ccf5ab1e6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1fe212b8f98323288a6903cb5fdbe701

SHA1
5d0c01737540b51b6a9b0a3c5b57e813d57046ef

SHA256
63e2b10af3bb00f9eeef466a74468398c0ce75e2025f0b63f6fb18ac980bda55

SHA512
440d8499a73eef01fe23f95bbea202df67844c346f3eea6c61182392912f650d828ce402696c6ca222412b2658ff0de16ae263b0cb618e3c6e847711ce130679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6492008ac7edf9a58a028a693b58fbd6

SHA1
d0d71c44ec03672908b82144efd3a1fdff4b6b82

SHA256
c2067067b8314d7752ab2217532beafd7642a2e741dfdeaa616b5a5eef71b772

SHA512
a401516996d7e0fad11f1ee6e548d622c2c6c078fa47d83f96e74361c938dbdf38c48eef430a30a2740f7d97bbb2a61fd762d311bbbbb95dff22777faa8cd5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f13be600aa4056eea0bb811062089546

SHA1
2eb608e124b4d15ea102cc4c97bd77b91778e822

SHA256
242559a6d202c72a2c26b8305893ad1f69399a81a86af5618ea16d2231858fad

SHA512
a5471a703df92a2b369c8a7fa75f661600e047f81cbfd1559c24cbf106a3e55d71f97cda78bb16003aaf6a26f6f0fc7d90879c5408b458c4f8321167a7d770e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb3d64333fb3392d44472281c4684c52

SHA1
c545d3fdf9ab5e5be872c2fce31c7d0473e1d52f

SHA256
98fe2c707d76a79f9529027809e7d46f9dae918238a4ecd2b89b6528c8e72d66

SHA512
c6fb09af8aa60d71dfeeca7a20c675442990dff8efeec99086e22e01695ac93dc0698c875793e81403131aeabb0d6d34261c06dce31c64df0f1d83b77be56993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
401505df72450fdaeaf3d4e4d0e2df78

SHA1
b5a48472fe85078847efacddd616f0c6ec770487

SHA256
dc71534ffba7e081eaa37c26c11e1fb639261da76a872e5773123395841b1980

SHA512
ecef7fd24274008e160c843b3aa3a80450001e6d303bcd7d334c6f5085df8a6148203f561e744e9774b191ff539798aa626d6924c23b063a0bc8a6f11305ad3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
3c07efd99e83759b0105d757433d549c

SHA1
f268757e56be99feb190ddaf0779d22a110e6037

SHA256
c5dacf18aa093481675d981115a5976670919ae09d8fb0ba3170e71e9df518b9

SHA512
549e6d21da90187eff2950e01c94f107a68671f43528f765ffb0807b1b655185383d5dbfd0cd73790ea986fc79e2d2d03b1c117990cb9873a5f4214fcfd59957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
1b611daace0be69e08dac36e9ea18e40

SHA1
f63ebba63c143dd5482b3cf531ec78fb3b5baacc

SHA256
56e8469f879be3c19aba08122b0c9762554b6014bf2a8827c2a175489d2bc8eb

SHA512
78d430983f05da0d83fc473bde59d085f920401e225e50ba579488409958c2c364fe5bfdf19871746c04da581e27a4c47ce49ea52efb96ee4d54fdb81e806226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bb32.TMP

Filesize
101KB

MD5
f662c67517bad1c0a4f35a092595c048

SHA1
10c672f92ed1200ea07fda07b5ee3c1ab6bec9bd

SHA256
32359c12500b44f02519c577c59d09524d6aff01470dc7fbfdffa8771a6b6387

SHA512
e524fd4f5a820719fcec4d268c6d6cecf332f023a5fc4a1e0ed1a9c1dd756ae959e4763ea6fd5f88a0c7db6325e3234d31896c37c34440fcaa3c858afd009f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit