hxxp://o[.]dripemail2[.]com/wf/open?upn=KXFqfFTrSfo2G2xlmAQxa-2FcnUvQIKNK8RJqlFyOVVQlC6QQ9csOww5Wa2AR0ITFmm59LmgTe9Z0kLlrbElCxGdL-2BOFcoz7ZKk1Ur1RDWsbPlDHk2kUnJPPK4V7xVA-2Ft-2BX7eOsqoLqSdPzq1wkHtgK5OFf2l0-2BCjsWkLX-2FprIOZYx61Q7U7GQql14ryS-2BVopWmvaP7F3Sbc2ddG-2Fy-2BEw0r3NTyvxrlQP088uBF6-2F0FaZVwRhP1ATOVPxn5nPwUruZytuY27EHuMBETPzhGV0z90dsI71AmCqoN2evs0TRCO-2B0Oi4LymC2rqTa4P9xnUQNgijZghPhxKoSX4MBkc4cGLOX9oc9Ob1NKtmpJupHesPatNLogDdVXrNVdNPk4c08dPvBAVjjj9nS9qZsXe7LKUAbNOYXjzAM8uZjFwIVYDSwWyLMW-2Fa9j5TF74wnlyonfGO2IbqgPpJHR2XY17-2BSeWidHg4EYxAWSuAE7OyhA5Zd-2F9wk6learIaRpQXn7QoDdwBRrRR-2BkqOtUKGb0Ld9J0c8PPlpnW1HZnxkDd3BRuqBvD3jQpIpENPbrTUogvimjgeNlu0ZAl6azwXBbhb13Kvqg6tbxzVw1-2BMW6WCSYZiYi-2FjBGIjBUgMjlLi3Ihdu8-2FtWB4p4Dp1BePwqQGGq40chIOyzsIVYH2sMsTHY1tAuzeIBDlY49mbzpPrQHpMy8wCUh9ZB9eaJw6EjhzZC9OgHR8OvspJIuREDNvoKgNFeLh6gB4Jp2yB8fbX7zmpH-2BWB2gQmWwHbuDxYdJiopQ9eD99rGr79sPM3FYJTfhzPwSfpaYNaTfjoeUKrw5xkf8IX9FFAzpqlAbQajsg2N-2Fsji1s-2BH37e7pZnHPfyCJ7vyRdCiD7xy48ldRP1gTzhLTfZkFZJMvV2BgPh3k9vf49yDgM9oJ-2FzG7cMQBxUv-2Fwa6ALWNPTfplZSCQbbaD04EZRPi7a0y5HOwkJO47Bw3tQ-3D-3D

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://o.dripemail2.com/wf/open?upn=KXFqfFTrSfo2G2xlmAQxa-2FcnUvQIKNK8RJqlFyOVVQlC6QQ9csOww5Wa2AR0ITFmm59LmgTe9Z0kLlrbElCxGdL-2BOFcoz7ZKk1Ur1RDWsbPlDHk2kUnJPPK4V7xVA-2Ft-2BX7eOsqoLqSdPzq1wkHtgK5OFf2l0-2BCjsWkLX-2FprIOZYx61Q7U7GQql14ryS-2BVopWmvaP7F3Sbc2ddG-2Fy-2BEw0r3NTyvxrlQP088uBF6-2F0FaZVwRhP1ATOVPxn5nPwUruZytuY27EHuMBETPzhGV0z90dsI71AmCqoN2evs0TRCO-2B0Oi4LymC2rqTa4P9xnUQNgijZghPhxKoSX4MBkc4cGLOX9oc9Ob1NKtmpJupHesPatNLogDdVXrNVdNPk4c08dPvBAVjjj9nS9qZsXe7LKUAbNOYXjzAM8uZjFwIVYDSwWyLMW-2Fa9j5TF74wnlyonfGO2IbqgPpJHR2XY17-2BSeWidHg4EYxAWSuAE7OyhA5Zd-2F9wk6learIaRpQXn7QoDdwBRrRR-2BkqOtUKGb0Ld9J0c8PPlpnW1HZnxkDd3BRuqBvD3jQpIpENPbrTUogvimjgeNlu0ZAl6azwXBbhb13Kvqg6tbxzVw1-2BMW6WCSYZiYi-2FjBGIjBUgMjlLi3Ihdu8-2FtWB4p4Dp1BePwqQGGq40chIOyzsIVYH2sMsTHY1tAuzeIBDlY49mbzpPrQHpMy8wCUh9ZB9eaJw6EjhzZC9OgHR8OvspJIuREDNvoKgNFeLh6gB4Jp2yB8fbX7zmpH-2BWB2gQmWwHbuDxYdJiopQ9eD99rGr79sPM3FYJTfhzPwSfpaYNaTfjoeUKrw5xkf8IX9FFAzpqlAbQajsg2N-2Fsji1s-2BH37e7pZnHPfyCJ7vyRdCiD7xy48ldRP1gTzhLTfZkFZJMvV2BgPh3k9vf49yDgM9oJ-2FzG7cMQBxUv-2Fwa6ALWNPTfplZSCQbbaD04EZRPi7a0y5HOwkJO47Bw3tQ-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505998742426766"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4788	5008	chrome.exe	47
PID 5008 wrote to memory of 4788	5008	chrome.exe	47
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 232	5008	chrome.exe	89
PID 5008 wrote to memory of 4016	5008	chrome.exe	90
PID 5008 wrote to memory of 4016	5008	chrome.exe	90
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91
PID 5008 wrote to memory of 2720	5008	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://o.dripemail2.com/wf/open?upn=KXFqfFTrSfo2G2xlmAQxa-2FcnUvQIKNK8RJqlFyOVVQlC6QQ9csOww5Wa2AR0ITFmm59LmgTe9Z0kLlrbElCxGdL-2BOFcoz7ZKk1Ur1RDWsbPlDHk2kUnJPPK4V7xVA-2Ft-2BX7eOsqoLqSdPzq1wkHtgK5OFf2l0-2BCjsWkLX-2FprIOZYx61Q7U7GQql14ryS-2BVopWmvaP7F3Sbc2ddG-2Fy-2BEw0r3NTyvxrlQP088uBF6-2F0FaZVwRhP1ATOVPxn5nPwUruZytuY27EHuMBETPzhGV0z90dsI71AmCqoN2evs0TRCO-2B0Oi4LymC2rqTa4P9xnUQNgijZghPhxKoSX4MBkc4cGLOX9oc9Ob1NKtmpJupHesPatNLogDdVXrNVdNPk4c08dPvBAVjjj9nS9qZsXe7LKUAbNOYXjzAM8uZjFwIVYDSwWyLMW-2Fa9j5TF74wnlyonfGO2IbqgPpJHR2XY17-2BSeWidHg4EYxAWSuAE7OyhA5Zd-2F9wk6learIaRpQXn7QoDdwBRrRR-2BkqOtUKGb0Ld9J0c8PPlpnW1HZnxkDd3BRuqBvD3jQpIpENPbrTUogvimjgeNlu0ZAl6azwXBbhb13Kvqg6tbxzVw1-2BMW6WCSYZiYi-2FjBGIjBUgMjlLi3Ihdu8-2FtWB4p4Dp1BePwqQGGq40chIOyzsIVYH2sMsTHY1tAuzeIBDlY49mbzpPrQHpMy8wCUh9ZB9eaJw6EjhzZC9OgHR8OvspJIuREDNvoKgNFeLh6gB4Jp2yB8fbX7zmpH-2BWB2gQmWwHbuDxYdJiopQ9eD99rGr79sPM3FYJTfhzPwSfpaYNaTfjoeUKrw5xkf8IX9FFAzpqlAbQajsg2N-2Fsji1s-2BH37e7pZnHPfyCJ7vyRdCiD7xy48ldRP1gTzhLTfZkFZJMvV2BgPh3k9vf49yDgM9oJ-2FzG7cMQBxUv-2Fwa6ALWNPTfplZSCQbbaD04EZRPi7a0y5HOwkJO47Bw3tQ-3D-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c929758,0x7fff8c929768,0x7fff8c929778
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:2
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1880,i,9864241892083324163,13324282854140450892,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
823B

MD5
f3c9dfe63313dffedc0b97bdce7770bd

SHA1
d2a714d6ce34697e7ea4715b16717ae20dcb62d3

SHA256
777ffce6a16d126d99849837e723063a9565f7371cf24742b6e976457843a795

SHA512
2af990e2c7471e2a13b0d341540624c29854b72bc198e5d92f09cbeaa50461fdcdd650100edc23c6591005310b453da7cf2ca7cdeeee04f8d5e91d9848fb6c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f967b21b847708e6dea471aecf27ce1

SHA1
f93a6c1bb3f25b9afbe293489e8381ffd8bc5761

SHA256
6b2ec69d6ba2b6b4a82b9a371572b434706b79e69efdd333f9d678cd62bbf1f8

SHA512
6fb51996c2a096f3b07324f8bcaeb9b172c244b378c59c274578434615383da5bf3ed56a3913db129b9fdbc222c12c0b515ab7ab038f1b2df99671e942122b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
36bed05ae9edb755107ed53a99cc3112

SHA1
7eea015b510a0e6e27150f2aaac00f20b0045054

SHA256
aedea90e64b2408aca8d595430d4c24e446025d865d11b1660896d16a2fd7596

SHA512
ac08601ff1416a153067a70d896a09a729f6fac7b61cc7cd2c8714cafde835c2cc7b3644e671a8d98c07ef62595832b8a952b20197a6bf85864022b742b64fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
7286520764d4e9f4cddb2b0946d51374

SHA1
a2f8bbbfc8a0a1fb6848ee3ad1a80abf63969c66

SHA256
7dc9478942553729bc80bcfb19f9b762b82fb1daee7423623f4a1b013b788bbc

SHA512
532ecc545b6e170614a28be7e3bbaf4a1bf9f9e3841471477e6c9e364bbe0a8ac37bf586e04130a61d73f0cb3142ad5f96252931a2272f74a0f5486e8d28684e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
dc5cfa7bc53aaf2777bf81aefc51adf9

SHA1
4e7b0647a779892929cc131e3acb3a6bbf957e86

SHA256
738ba90660c0e2c3b612ff91f425eedd66137cef6f5d48aae8c62ffae4040253

SHA512
212634022e4ee2d3e1fcfb5bcecc3e3c5045b8a6dc5f416ff4e52e87b7724d83b78bda4ff13a8f522851ad041a093e50e98917c7e7d50e068f6c6596fdb1ec73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ea0e7c14fbc9ddf6d118ecd374579c64

SHA1
2069f03a0b21f3c236754e20372501e0707cd481

SHA256
83c206ac25e9621964ebd4bc9d4ab0d71108fdcb355e3e2b70eacf3c109b4eb6

SHA512
694e990802fdad2bb66b23b0ecfc8096170f6a2e96a27144f664d8fc7bc88591520c00d73213ae1e938e76181e52332325a4976ffb9a33e4f2021c22daee0a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit