302712e1c3585790951c6eebc58409b73c2d7cb8511b9b4207ea7a396deb806a

Resubmissions

12-01-2024 16:26

240112-txkt3sbfcp 1

12-01-2024 16:23

240112-tvs3nscbg7 1

Analysis

max time kernel
150s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
12-01-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stardock-start11.html
Size

77KB
MD5

e814d69c229bd58c291faaa76dbd4dea
SHA1

6cad1be02a635eabc0a5d0909e1af793fa78baca
SHA256

302712e1c3585790951c6eebc58409b73c2d7cb8511b9b4207ea7a396deb806a
SHA512

a3ac08a13a8d70e4cd2564cf55c506f3d8cda084395ed2a67a1810d3d94aace53a4eb2659a73df500f9a57769d6e1a4de4de58cf7b6bf98a2485d5ce503bb6d6
SSDEEP

1536:6/08BRAw+fHTaewyQp15ekeMe7Ne9eROk4O3HEzYtjuzicE1mh2We:6dBk+k4MHE0tjiha

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495502144710187"	chrome.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe

Suspicious use of SendNotifyMessage 57 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe
4372	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 952	1640	chrome.exe	84
PID 1640 wrote to memory of 952	1640	chrome.exe	84
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1532	1640	chrome.exe	86
PID 1640 wrote to memory of 1440	1640	chrome.exe	87
PID 1640 wrote to memory of 1440	1640	chrome.exe	87
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88
PID 1640 wrote to memory of 1828	1640	chrome.exe	88

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\stardock-start11.html
1⤵
- Modifies Internet Explorer settings
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa88a39758,0x7ffa88a39768,0x7ffa88a39778
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5312 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4920 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3312 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3912 --field-trial-handle=1836,i,2132051190407570893,11411021656722512905,131072 /prefetch:2
  2⤵
  PID:4584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4444

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1dddb610f24770f5b3da1ce47de0c350

SHA1
da13f92c0d2e527570ad9f07b3822ba737d3f8f0

SHA256
54273fe76d34197106ef0803b11937e9c272f78218163afd138be0b5dee2693a

SHA512
0bac46fc179359e19f16e428817a4458176344c3092d60b9e79a1608ca0a463ecfcd4a67baa133b0c7b4356dbc06c6b64fb331757dbd6bc88728725a0cd388e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8f899236f3b516fba8f8573337d084da

SHA1
7154d3bbe7e157d9df143564f288add5aa29d3be

SHA256
f86b71545f59d6183d60d8a344e5ef73eb80ad68071cf868a901dec10e3bab4a

SHA512
cd871c7084a3a5f679eb39deaa0662e9f9f17bbf481adcf5d04adf2f35f3a4d6b009999dc277f9dcaa46d4a75490ed3b1d28c06e506978c377d61c3ae00a8805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a78a97fd725ea324e13298b57f591dc3

SHA1
fdc0a8c0ebc93b373d28f1759d8101199776588c

SHA256
e7d782036598ee0c356ff3dc3c27eb150bb5ae9d10ca723a5957efce4f03abac

SHA512
d7bbf9234947489664ef2f9d8d1b4ca35924c7ddda2f58269b0854c895d9504b414cda72900d406f86e0f6362567319d28a9eb05511b3960604c53290f3f6546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b156d3a0ed055340a95d954258f9f20d

SHA1
0708b71ff6c5976644e4e9f6b02afad53a0e1d17

SHA256
ecd06410516a9feb660fe17259009c6ef4afc928931698cd59d20a3d138f75b2

SHA512
58302d83b0be7887cf710dd3f3e3bc160906614d45891048a66fc14a31b27dbde3e1c31e0bf2bee6037e899f9a49e2c1d48de9d75246323f73ffb86bb5da3d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a868dc9c50d523a77ab0f030ce9f308f

SHA1
f1bab09da883364be470ca9e0d46bb0c49b85aa3

SHA256
cffa8cc8835468a7059282bb4dedd567086571cf4c71972937c193dfc067f7b7

SHA512
b9659a0e2d32225175770a2c429368307b35010dba8a160c72635df40595d4c7ddc7f9294c8a42a8918cd9bfb9d433418d317e638bf6ce82bc6b40f06d21ab9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7620adc4283ab63ddf03038dfa4736af

SHA1
91051153b2676edac2409c7270a183ccf89c098f

SHA256
96f9983c434a6e6084a4dd9b93269d724b9935a9ef0cfe3ba08e4d21e50312b7

SHA512
1a7f4b46151b81a98b5189b2fc4be006f83e1fa4382a05da8f042f4507eab2e768243690e641ed92bbeb4b5b52e95e2700c54ca5a48de2b855ff99835faf0933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a716d8ac007351d3bc5fb12c6b58c6c

SHA1
1c920dbe7613f5c90d2accbdd8fbe53f46cdf99c

SHA256
64a761bd4c25769af5697fc4b5a0134005816698348e2a406738537f11365aa6

SHA512
30183e03bbe4f1b7de2641879cbf14debe5d1836a76ea32f9dbd13cebca626322d42bf6dfcd182c08c886ff2aec3ee4800dbb4966aff371f8cc0142df1a17c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74ef15be7c476e9fc1719a71d43441cc

SHA1
464e8f8381979d196e7c4762702c9574f71fb7e1

SHA256
4f0a5a875973fab987b7e5b7435c209df8c28df6cf6cac32409fc4f9e4c5c837

SHA512
a9c2c53494e21183d0675abddefacb9e42b1aa48eecb7455838467560445b20488899dd2431890935302e099e14531bb6b55d32827a502c9417c01ddd9c4c235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3cb633938b6cd98aea1798626059cb8b

SHA1
9dcd142434826a6c92a450444a1b82b1167f03d0

SHA256
0a12984e4626ff9dbfd8c484ad7dd2441cb6cea12e9739b8a074b05c6b9e0b47

SHA512
0aa9d5c40a8d51fdf98ff24b11b987acfe151176ade31a72bfa6838911dcb955bd9ca18948b79367ba5dc9ae22e1bece9f153b35dff22adae867939bb7d28837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
59ef8e68dc6b7c711ab058ef24662562

SHA1
a670fd4c0b866e2d76ab394058eb668623d9a0d4

SHA256
8fadde50684ed3e0576fad21a135354aae506b500697a2fdddb81ca30caf7ae3

SHA512
6dcfd7edcb18cca2f072b53ce632c300deda8041c0168a48f4c42676c77f1e2b49cf6245cf9f6c38f4d2535083a36ebe91a982312716587b16d33c08946d8c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/4372-155-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-156-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-162-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-161-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-165-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-164-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-163-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-166-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-167-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download
memory/4372-157-0x0000023B89690000-0x0000023B89691000-memory.dmp

Filesize
4KB

Download